On Sunday, June 2nd, 2019 "60 Minutes" aired an interview by Scott Pelly with Jerome Powell the presiding Chairman of the Federal Reserve Bank of the United States. During the interview Pelly asked Chairman Powell hard hitting questions regarding interest rates, the financial crisis and his relationship with the President. Chairman Powell was calm, cool and collected throughout most of the interview, providing quick answers to all of Pelly’s questions, but there was one question in particular that caused Chairman Powell to pause.
Pelly started his line of questioning by asking Chairman Powell about the safety of American banks today, and if it was possible for another financial crisis to occur as it did in 2008. As expected, Chairman Powell had a well thought out response that covered the exhaustive work the FED has done to research and prevent such actions that would lead to another financial crisis. After Powell’s response, Pelly poised a question regarding the safety of America’s banks from cyberattacks. The expression on Chairman Powell’s face visibly changed and he can be seen nervously fidgeting with his thumbs as he gave his response, he stated:
“We devote very large amounts of time and resources to protect the Fed, but also to protect financial institutions and the financial markets. The banks we supervise are required to have plans in place and state of the art, you know, technology. I would say for cyber risk though; I've never felt a time when I-- when I think we're doing enough.”
Pelly is clearly taken aback by the shaky response given by the man in charge of our Nation’s Banking system and notes:
“I have the sense that I just hit on the thing that keeps you up at night."
Chairman Powell confirms Pelly’s suspicion by saying:
“I would say of the risks that we face, that (cybersecurity) certainly is the largest one.”
Chairman Powell further elaborates on why cybersecurity is top of mind by saying:
“The kinds of risks that we faced in the financial crisis are very real, but we know I think generally what to do there. Cyber is a relatively new kind of a risk with nation-state actors. And it's one where-- the playbook is still being developed in real time.”
After this sobering discussion, Pelly changed focus of the interview and began questioning Powell about the Opioid crisis in the United States. Although short, this interview opens a floodgate of questions and reveals a considerable amount of uncertainty surrounding cybersecurity within the United States. If the risk of cyberattack is the top priority for someone as influential and powerful as the current Chairman of the Federal Reserve Bank, then how dire is our situation?
This interview comes on the heels of an unprecedented amount of legislative action taken by The President of the United States, who on May 11th, 2017 issued executive order 13800 titled "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure". This executive order called for a complete review and detailed report on the cybersecurity of branches of the Federal Government to be delivered within 90 days of the order. As far as timelines are concerned, an executive order by The President that demands a full review and assessment on this scale within 90 days is extreme and is clear evidence that this concern is of the highest priority.
This report that was requested by the President was brought before the Congress by the Comptroller General of the United States Gene L. Dorado, who is the head of the Government Accountability Office. Unfortunately, these reports were not filled with good news. The report states:
“IT systems are often riddled with security vulnerabilities—both known and unknown. These vulnerabilities can facilitate security incidents and cyberattacks that disrupt critical operations; lead to inappropriate access to and disclosure, modification, or destruction of sensitive information; and threaten national security, economic well-being, and public health and safety.”
The report supports these claims by citing the 2015 Equifax data breach that exposed the information of more than 148 Million Americans.
“This is illustrated by significant security breaches reported by the Office of Personnel Management (OPM) in 2015 that resulted in the loss of PII for an estimated 22.1 million individuals and, more recently, in 2017, a security breach reported by Equifax—one of the nation’s largest credit bureaus— that resulted in the loss of PII for an estimated 148 million U.S. consumers.”
In response to their findings the Government Accountability office made more than 3,000 recommendations to agencies aimed at addressing cybersecurity shortcomings in each of these action areas, including protecting cyber critical infrastructure, managing the cybersecurity workforce, and responding to cybersecurity incidents. However, many of the offices to which the recommendations were made lacked the appropriate resources and skill to properly implement these safety measures. As a result of these shortcomings more than one third of the suggested recommendations to improve cybersecurity have not been made.
The slow implementation of these efforts to improve cybersecurity are symptomatic evidence of a larger problem that stems from slow overall growth in the cybersecurity workforce. These large skill gaps in the cybersecurity industry are a major hinderance on forward progress and gives the competitive advantage to other nations, not all of whom are friendly towards the United States.
There is a significant amount of work that needs to be done to ensure that the United States maintains its place as a global leader in technology innovation and remains competitive in the cyber marketplace while simultaneously ensuring the protection of sensitive business and personal information. Thankfully, steps are being taken at the State and Federal level to help improve the level of cybersecurity in the United States, but for real progress to be made each citizen must take charge of their place in cyberspace and make a concerted effort to protect themselves in our digital world.