Today, the U.S. Department of the Treasury and the Board of Governors of the Federal Reserve System welcomed publication of the Group of 7 (G-7) Fundamental Elements of Cybersecurity for the Financial Sector.
The finance ministers and central bank governors of the G-7 countries today released the fundamental elements, which provide a concise set of principles on best practices in cybersecurity for public and private entities in the financial sector.
“Cyber threats present a set of pressing operational, reputational and financial stability risks facing the international financial system. Sovereign borders do not contain these threats, and accordingly, nations must work together to address them,” said Treasury Deputy Secretary Sarah Bloom Raskin, co-chair of the G-7 Cyber Expert Group. “The fundamental elements announced today are a significant achievement in our efforts to cooperate and improve cybersecurity within our countries. They are also a testament to the growing international resolve to counter cyberattacks and I encourage private and public sector leaders alike to use them to drive and fortify their institutions’ cybersecurity and resiliency.”
The fundamental elements help address cyber risks facing the financial sector from both entity-specific and system-wide perspectives. The elements are building blocks that public or private entities in the financial sector can use to design and implement their cybersecurity strategy. Public authorities, including finance ministries, central banks, and regulators, can also use the elements to inform their efforts to both protect the financial sector from cyberattacks and to effectively respond to and recover from incidents when they occur.
“The international financial architecture is only as strong as its weakest link and that is why the United States should work with our partners around the world to bolster their information security and resiliency,” said Federal Reserve Board Vice Chairman Stanley Fischer. “These elements are a crucial step in further hardening each link in the chain of our global financial system.”
The eight elements start with entities establishing cybersecurity strategies and operating frameworks tailored to their specific cyber risks, and assigning roles and responsibilities for personnel implementing, managing, and overseeing those strategies and frameworks. The elements also call on entities to identify activities that present cyber risks and implement controls to protect against and manage those risks. In addition to covering how entities should respond to, recover from, and share information on cyber incidents, the elements reinforce the need for a dynamic process of continuous learning, through which entities systematically re-evaluate their cybersecurity strategies and frameworks based on lessons learned as their operational and threat environments evolve.
The G-7 Cyber Expert Group was established in 2015 with the mandate of surveying member jurisdictions’ approaches to financial sector cybersecurity and issuing recommendations to the G-7 finance ministers and central bank governors.