During a virtual roundtable event hosted by the Parliamentary Intelligence-Security Forum, participants discussed the growing cyber threat against financial organizations and appropriate policy responses.
“The rate of cyberattacks on U.S. financial infrastructure is increasing in severity and sophistication,” Dr. Roslyn Layton explained, despite greater government regulation and spending.
Evidence overwhelmingly indicates these attacks are being perpetrated with greater frequency by Chinese state-sponsored actors. “I don’t know if it’s a coincidence,” Pavel Popescu, a member of the Romanian Parliament, said, “but the same day last week that Europe postponed signing a commercial agreement with China, the Brussels offices of the European Union were attacked through a cyberattack.”
Part of the problem, Dr. Layton added, is inconsistent cyber security protocols, particularly disconnects between federal and state agencies. “Across many states, items restricted by the federal government are used every day by state governments… We are outfitting our most important infrastructure with Chinese products.”
A 2019 audit by the U.S. Department of Defense Inspector General found that DoD personnel purchased $32.8 million of technology with known cyber security vulnerabilities, including items made by Lenovo and Lexmark. That was despite a 2018 Congressional report that named Lenovo and Lexmark among the Chinese state-owned entities that pose a threat to supply chain security and national security interests.
Former Congressman Robert Pittenger, who served on the U.S. House Committee on Financial Services, compared economic support to China’s state-owned technology companies to the rise of Germany’s fascist government in the 1930s. “It demonstrates a lack of good judgement about our adversaries.”
The recent cyberattack on the Colonial Pipeline and the SolarWinds hack underscore how mainstream cyberattacks have become, added former Congressman Denver Riggleman. “We must consider whether offensive cyber can counter these attacks,” he stated, both technically and from a policy perspective.
The participants roundly agreed about the need for greater collaboration between policymakers, the private sector and academics, both to isolate Chinese threats and foster greater competition in tech markets. “Ordinary Americans should and do care about this problem,” Dr. Layton explained. “It is not an Ivory Tower issue.”
Dr. Layton reiterated the findings from China Tech Threat’s report High-Tech Heist as practical measures financial institutions can take to improve their cyber security: Don’t wait for policymakers to fix the problem; conduct cyber resiliency audits; remove elements with cyber vulnerabilities; and adopt secure cyber sourcing strategies.