FDIC Faces Challenges in Cyber Oversight, Implementation

The inspector general for the Federal Deposit Insurance Corporation (FDIC) last week released a report on top challenges for the agency, which includes both ensuring effective cybersecurity oversight of banks and implementing strong information security policies within the agency.

The report, released February 14th, finds that FDIC examiners in the Information Technology Risk Examinations (InTREx) program are spending more time on examinations than previous reviews of IT systems at banks, increasing the need for more personnel. The report also highlighted the risk that could come from attacks on technology service providers (TSPs), and how that could put banks at risk.

“The FDIC must ensure that IT examinations assess how financial institutions manage cybersecurity risks, including risks associated with TSPs, and address such risks through effective supervisory strategies,” the IG report states.

The report also highlights the importance of FDIC’s own security posture, referencing past incidents from 2011, 2015 and 2016. Summarizing the agency’s 2018 FISMA report and a July 2018 review of the agency’s IT governance policies, the inspector general’s office describes shortcomings in FDIC’s systems. The report notes that FDIC increased the budget for the CISO’s office by $650,000 to improve the protection of the FDIC’s applications systems.

The report also previews upcoming reports on IT issues.

“We have a number of planned and ongoing audits of the FDIC’s internal IT operations, including the FDIC’s privacy program and practices; security of a system that supports the FDIC’s bank supervision and consumer compliance; and security of mobile devices,” the inspector general’s office notes.

Recent