Protecting financial networks from cyberattacks

As a child, I stored my Industrial Valley Bank savings passbook in a shoebox at the foot of my bed – along with my other most treasured possessions like my Top Ten baseball cards. My savings then was the fruit of my labor shoveling snow and raking leaves. But more than that, my passbook’s additions and subtractions represented something more fundamental and sacrosanct: where I stood with my financial affairs.

Today, of course, such financial records are maintained electronically, in massive servers that store the data of billions of customers of financial institutions across the planet. But while the modern interconnectivity of our banks and financial firms offers tremendous opportunities, it creates tremendous risks, as well. These risks are international in scope – and require a response international in nature. The upcoming G20 summit offers an opportunity for the world’s economic powers to begin the process of speaking with one voice of the need to secure our financial networks from debilitating cyberattack.

{mosads}The threat posed by hackers targeting U.S. and world financial institutions continues to grow. As the former Chairman of the U.S. House of Representative’s cybersecurity subcommittee, I’ve examined the threat up close.

In February of last year hackers infiltrated the network of Bangladesh’s central bank and initiated $1 billion in fraudulent transfer requests. The hackers succeeded in moving $81 million to accounts in the Philippines – one of the largest bank heists in history. At nearly the same time, the website of Belgium’s national bank went down after a “DDoS” attack by the hacking group DownSec Belgium. In 2015 a pro-Russian hacker group allegedly infiltrated the network of the Ukrainian Finance Ministry and in 2014, a group affiliated with Islamic State hacked into the Warsaw Stock Exchange.

Attacks like these threaten the stability of the entire global financial system. These incidents should be a wake-up call – and a global call to action. Every G20 nation has an interest in the stability of the global financial system. Even Russia – governed by an oligarchy of Putin-aligned billionaires – has an interest in ensuring its financial networks are secure.

In March, the G20 finance ministers warned “the malicious use of Information and Communication Technologies could disrupt financial services crucial to both national and international financial systems, undermine security and confidence and endanger financial stability.” They should be commended for raising the issue. And when they meet in July, they should go a step further: commit their countries to refraining from the use of offensive cyber tools to attack the global financial system, and pledge to cooperate when such attacks do occur.

By explicitly rejecting manipulations of the integrity of financial system data, the G20 can speak with one voice that such attacks are unacceptable – and more effectively take action against states that violate the norm. It would also push nations to pursue more aggressively non-state hackers operating within their borders.

Importantly, such a declaration would not impose new limits on G20 nations. The world’s leading economies already refrain from using offensive cyber operations to corrupt data in financial networks. As a recent paper by the Carnegie Endowment for International Peace (“Toward A Global Norm Against Manipulating the Integrity of Financial Data”, 3/27/2017) argues, making this standard explicit can deter future state-sponsored intrusions by G20 and non-G20 nations alike.

Both the new administration and the new Congress have made improving cybersecurity a priority. The United States is already the world’s financial leader. It’s time we lead a global effort to secure our financial markets and networks against cyberattack.

Rep. Patrick Meehan represents Pennsylvania’s 7th District in the U.S. House of Representatives and chaired the Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies in the 113th Congress. 

The views expressed by this author are their own and are not the views of The Hill.