Testifying on behalf of the New York Bankers Association, Doug Johnson told the state Senate that service providers should be subject to the same cybersecurity requirements as banks to prevent cyber-attacks on financial institutions.
Johnson pointed to a number of distributed denial-of-service—or DDoS—attacks over the past year that targeted online banking platforms and interrupted services.
“Vulnerability to such attacks are in many instances based on security gaps that may exist on the part of our retail and business customers, outsourced service providers or other business partners,” Johnson, the vice president and senior advisor for risk management policy at the American Bankers Association, said. “Many financial institutions, particularly those that are community-based, are also highly independent on core banking system processors and internet banking providers for cybersecurity protection.”
Johnson said further federal intervention is necessary to address the growing threat of cyber-attacks.
“The progress we are making is ultimately inadequate without Congressional action to enhance, facilitate and protect threat information sharing across sectors and with government,” Johnson said.
He lauded the Cyber Intelligence Sharing and Protection Act, which is designed to improve cybersecurity by facilitating information sharing between public and private entities.
Johnson said “national and state efforts must be complementary” to be successful.
“Investments in… research and development initiatives should be encouraged, and we are supportive of any Congressional action at the Federal level that enhances tax and other incentives for cybersecurity research and development,” Johnson said.