Agencies Approve Cybersecurity Notification Rule

Federal bank regulatory agencies on Thursday (Nov. 18) approved a final rule that will streamline the sharing of information about cybersecurity threats and incidents that might affect the U.S. banking system, according to an announcement by the U.S. Office of the Comptroller of the Currency.

The new rule “requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred,” per the announcement.

Agencies must file notifications for incidents that “have materially affected — or are reasonably likely to materially affect — the viability of a banking organization’s operations, its ability to deliver banking products and services, or the stability of the financial sector,” the announcement says.

The notice adds that bank service providers must notify customers “as soon as possible when the provider determines that it has experienced a computer-security incident that has materially affected or is reasonably likely to materially affect banking organization customers for four or more hours.”

Agencies must comply with the final rule by May 1, 2022.

Related: Lawmakers Could Bar Private Company Ransomware Payments

Sen. Gary Peters of Michigan, the chairman of the Senate Homeland Security Committee, said during a Washington Post Live event last month that Congress is “not closing the door” on banning ransomware payments, citing a $100 million Cyber Response and Recovery Fund in the bipartisan infrastructure bill debated this summer.

The FBI says that companies shouldn’t pay ransom to the fraudsters hacking computer networks, but private companies have been allowed to make the payments if they want.

In June, President Joe Biden met with Russian President Vladimir Putin and pushed for a crackdown on what Biden said were cybercrimes based in Russia. Biden said that critical infrastructure shouldn’t be targets of ransomware attacks.

The Biden administration also hosted 30 leaders from around the world in a virtual global summit to fight ransomware in October.

The U.S. Treasury Department said American banks recorded about $600 million in suspected ransomware payments in the first half of 2021, more than in all of 2020.

Also Read: Senator Decries ‘Anonymity’ of Crypto in Crimes, Calls on Gov’t to Act

In September, Sen. Maggie Hassan of New Hampshire, a member of the Senate Homeland Security and Governmental Affairs Committee, said that the rise in ransomware and similar cyberattacks over the last year was helped by the anonymity of cryptocurrency.