The Office of Inspector General of the Federal Reserve’s Board of Governors is currently reviewing how the U.S. central bank is providing adequate oversight of financial institutions’ information security controls and cybersecurity threats, the watchdog said in a report of its current activities.
“The growing sophistication and volume of cybersecurity threats presents a serious risk to all financial institutions,” the OIS wrote, which will release its audit in the fourth quarter.
The Fed has been questioned by U.S. lawmakers about how cyber criminals stole $81 million from a New York Fed account held by the central bank of Bangladesh, according to Reuters. The central bank is also facing scrutiny about its own cybersecurity practices after a Reuters report revealed more than 50 cyber breaches at the Fed between 2011 and 2015.
In an audit report released last month, the OIG said that, overall, the Fed is effectively protecting its computer systems, but that the central bank should strengthen its controls in the areas of risk management, continuous monitoring, user group management, contractor account management, and system documentation. The OIG then listed 10 recommendations to address those issues.
“In addition, we identified a risk for management’s continued attention related to transport layer security,” the OIG wrote. “Although the board has recognized this risk in a plan of action and milestones, we are including the issue in our report because it had not been remediated as of the end of our fieldwork.”