The G-7 group of leading economies published very high-level cybersecurity guidance for public and private sector financial institutions on Tuesday.
The guidance is the first real effort to establish transnational standards for cybersecurity in perhaps the most high-stakes sector of all — financial services.
It comes after a number of online attacks on SWIFT, the global interbank messaging system, including a successful compromise in February that stole $81 million from the Bangladeshi central bank’s account at the New York Federal Reserve and laundered it through Philippine casinos.
“Sovereign borders do not contain these [online] threats, and accordingly, nations must work together to address them,” Treasury Deputy Secretary Sarah Bloom Raskin warned in a statement. The G-7 is made up of the seven largest developed economies — Britain, Canada, France, Germany, Italy, Japan and the United States.
Raskin, co-chair of the G-7 Cyber Expert Group, which drafted the three-page non-binding guidance, said it aimed to provide eight “fundamental elements” of cybersecurity based on an “emerging consensus” about best practices.
“It has to be dynamic,” she said, noting that threats change and evolve constantly.
The eight fundamental elements are:
- Having a cybersecurity strategy and framework;
- Governance — make sure that those with cybersecurity responsibilities also have the authorities and can be held accountable;
- Assess risks, implement appropriate controls;
- Network monitoring — to identify cyber incidents and measure the effectiveness of controls;
- Response planning and coordination;
- Recovery preparation;
- Information sharing; and
- Continuous learning
Officials stressed how the financial services sector is connected on a global level, highlighting the importance of transnational guidance.
“The international financial architecture is only as strong as its weakest link and that is why the United States should work with our partners around the world to bolster their information security and resiliency,” said Federal Reserve Board Vice Chairman Stanley Fischer.
He called the eight fundamental elements “a crucial step in further hardening each link in the chain of our global financial system.”
But the immediate ambition of the project seems more limited.
“We hope [it will] drive a common lexicon,” said a Treasury official. “We hope it will … identify, across the G-7, where there might be, not just different approaches, but different vulnerabilities.”