Photo via Stefan Fussan/Flickr (CC-BY-SA)
House lawmakers are probing serious security breaches at the Federal Reserve after reports that hackers hit the nation's central bank more than 50 times in five years.
Reuters and CNN, citing internal documents from the Federal Reserve's National Incident Response Team, reported Thursday that the computer network of the Board of Governors, the system's managing entity, had suffered more than 50 cyberattacks between 2011 and 2015.
"In eight information breaches between 2011 and 2013—a time when the Fed's trading desk was buying massive amounts of bonds—Fed staff wrote that the cases involved 'malicious code,' referring to software used by hackers," Reuters journalists wrote in their story.
In a letter sent Friday, first reported by Reuters, House Science and Technology Committee Chairman Lamar Smith (R-Texas) and Oversight Subcommittee Chairman Barry Loudermilk (R-Georgia) excoriated Federal Reserve Chairwoman Janet Yellen.
"These reports raise serious concerns about the Federal Reserve's cybersecurity posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency's systems," the two Republicans wrote.
"Given the especially sensitive data stored on the Federal Reserve’s systems, which could be extremely valuable in the hands of foreign governments and those who seek to threaten the stability of the U.S. financial system, the Committee is interested in learning how NIRT responds to security incidents, and how the group works to prevent threats from compromising information contained on the Federal Reserve’s systems."
They also noted that the Fed's internal reports didn't detail whether hackers had stolen any money or sensitive data during the breaches.
Smith and Loudermilk asked Yellen to provide their committee with documents describing the operations and structure of the National Incident Response Team and its counterparts at the Fed's 12 regional branches. They want a full accounting of all "confirmed cybersecurity incidents" and communications between Fed employees about "higher impact cases."
The lawmakers set a deadline of June 17 for the Fed to produce the material and asked Yellen to have her staff arrange a briefing for the committee by June 10.
Asked for comment on the letter, a Federal Reserve Board spokesperson said only, "We have received the letter and will respond to it."