It 1-- matte escort COMMITTEE or covraamcmm arrmas PIC 1351-3 63 53 May 1'9 2M6 William C Dudley President and Chief Executive Uf cer The Federal 1Reserve Bank of New York 33 Liberty Street New York NY Dear Mr Dudley 1 write today to request information about recent cyberattacks involving the Society for Worldudde Interbank Financial Telecommunication WIFT a provider of secure messaging services for nancial institutions In Fehmary 2d ti an anonymous group of cyber criminals reportedly posed as the Central Bank of Bangladesh and used the SWIFT system to fraudulently transfer $31 million from an account at the Federal Reserve Bank York to accounts in the Philippines According to press reports these criminals exploited weak cybersccurity protections at the ISentral Bank of Bangladesh to create fully authenticated transfer orders and then used sophisticated malware to hide evidence of the transaction- Most recently it was reported that cyber criminals also used the SWIFT system to attack the Tim Phong Bank in Vietnam In a May 13 2016 letter to its usem SWIFT apparently wanted that this attack was part of a Hvider and highly adaptive campaign targeting banks and that the attackers clearly exhibit a deep and sophisticated knowledge of speci c operation controls within the targeted It is my understanding that there is no evidence of any attempt to penetrate Federal Reserve systems or that any Federal Reserve were compromised in connection with these recent incidents However these cyberattacks raise important questions about the security of die system and the ability of its members to prevent future attacks Congress has a responsibility to continue to strengthen our nation s cybersecurity including ensuring that the system need by our banks to engage in cross border transactions is secure Only by staying a step ahead of these cyber threats can we ensure the security of our nancial system To better understand how the Federal Reserve is addressing these attacks 1 ask that you please provide the following information by June Ellie 1 Does the Federal Reserve plan to revise its cybersccutity policies or its own internal control environment in response to these attacks It so please explain Mr William Kindle r May I9 EDIE Page 2 2 Cyher criminals repertedlv attempted the attack en the lien Pheng Bank several menths befere the attaek en the Central Bank ef Bangladesh What are the and praetiees et' the Federal Reserve Bank at New Yerk fer sharing lnt ermatien ahent vherseeurltv threats targeting rnern her hanlr s 3 While SWIFT nan advise members en eyberseeuritv practices SWIFT dees net employ a meehanism te ensure that members adhere te these standards tn the website the main instrument fer eversight ef SWIFT is meraI suasien Has the Federal Reserve previded teehnieal assistance In eemmereial er lbreign eentral hank end users en the types ef teehnieal eperatienal managerial and eentrels that eeuld hest preteet the seenrit r ef the netwerlt 4 Please describe the steps the Federal Reserve has taken te with SWIFT the Central Bank ef Bangladesh the Department ef' Herneland Seeuritv the Department el Treasury and ether institutlens te strengthen the seeuritv ef the SWIFT system since the attaeks alse request that see ensure that a brie ng is seheduled with my staff regarding these issues The Cemntittee s minerit r staff is autherired tn eenduet this investi atien under the autheritv ef Senate Rule XXV and Senate Reselutien T3 1 14 Can Thank yea the yeur attentien In this matter With heat persnnal regards i am Sinnerer veurs Tem Carper Ranking Member ee The Henerahle Ren Jehnsen Chairman