It’s not just Edward Snowden who is getting classified intelligence.
Thomas J. Curry, the Comptroller of the Currency, today disclosed that some bankers, vendors and regulators for the first time are getting “classified briefings” on cybersecurity.
Curry broke the news today during a speech on cybersecurity and banking before the Exchequer Club. Curry described the briefings as follows:
Because information sharing is so important, we helped coordinate a series of classified briefings for banks, third-party service providers, and examiners. These briefings are an effective way to provide the industry with information needed to anticipate and prepare for attacks. We are conducting a number of other outreach events, including a teleconference for community banks and thrifts that attracted about 750 institutions.
Curry offered no additional details.
There are four levels of classified intelligence within the federal government:
- Top Secret – the highest level of classification of material on a national level;
- Secret – release of such material is said to cause “serious damage” to national security;
- Confidential – such material would cause “damage” to national security;
- Restricted – release of this material to the public would cause “undesirable effects.”
It is unclear what level of classified information is being shared with the members of the banking industry, and the OCC declined to offer any additional details. Specifically, the OCC told Bank Innovation that “we do not comment on the nature of classified briefings.”
During his remarks, the Comptroller highlighted increased risk related to the banking system’s significant reliance on technology and telecommunications, and the interconnections between these systems. Specifically, Curry said the denial-of-service attacks against banks that started in 2012 “continue today.” He warned that the OCC expects cyberattacks on banks to continue to grow in “sophistication and frequency.”
However, as we expand our use of technology, we could be expanding our exposure to these attacks. Each new product can introduce a new set of weaknesses into the system, and our early adoption of new applications and technology could outpace our ability to identify and mitigate the vulnerabilities during the product design phase, thereby providing new exploit opportunities for cyberattackers.
Sends chills down the spine.