GAO: Treasury Must Better Monitor Cybersecurity in Financial Services Sector
The Department of the Treasury must improve its use of data for managing cybersecurity risks in the financial services sector, according to a report by the Government Accountability Office.
GAO recommended that Treasury update its industry monitoring plan to include specific metrics for measuring the sector's cyber threat and risk mitigation efforts.
“Although Treasury generally agrees with GAO's recommendations, we caution that, in its sector-specific agency capacity, Treasury does not have the authority to implement them,” explained David Lacquement, Treasury's deputy assistant secretary of cybersecurity and critical infrastructure protection.
According to Lacquement, Treasury could issue a voluntary survey asking industry for the required data with the assurance that they will not be publicly released.
GAO first recommended in 2015 that Treasury develop metrics to measure and report on the effectiveness of the financial services sector's cybersecurity activities – metrics that the department has not yet developed.
Key sector risks include the increasing access to financial data through information technology service providers, a growth in the sophistication of malware and an increase in interconnectivity via networks, the cloud and mobile applications.
Treasury conceded that it struggles to demand data from commercial firms over their reluctance to share mitigation data.
In a 51-page report, the watchdog office recommended that Treasury work with other federal agencies, particularly the Department of Homeland Security, and sector partners in developing metrics and aligning efforts with cybersecurity goals.
GAO noted that industry groups and companies are taking steps to enhance the security and resilience of the financial services sector through a broad range of mitigation efforts, including coordination with the Financial Services Sector Coordinating Council and the Financial Systematic Analysis and Resilience Center.
Category: Popular Voices
Tags: cyber risk mitigation cybersecurity David Lacquement Department of Homeland Security FCW Financial Service Sector Coordinating Council financial services sector Financial Systematic Analysis and Resilience Center Government Accountability Office metrics Popular Voices recommendation report Treasury Department