LAMAR S. SMITH, Texas
EDDIE BERNICE JOHNSON, Texas, RANKING MEMBER

Congress of the United States
House of Representatives
COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
2321 Rayburn House Office Building
Washington, DC 20515-5301
20212254331
maciorwhousmpov

June 3, 2016

The Honorable Janet L. Yellen
Chair
Board of Governors of the Federal Reserve System
Street NW
Washington, DC Z tld

Dear Ms. Yellen:

The Committee on Science, Space, and Technology is conducting oversight of recent cybersecurity events at the U.S. Federal Reserve. According to recent media reports, the Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, including several incidents involving hackers, as well as other breaches described by Federal Reserve officials as espionage. According to reports, these security incidents involved hackers who used malicious code or software, individuals who had unauthorized access into the Federal Reserve's systems, information disclosure, inappropriate usage, and fraud. These reports raise serious concerns about the Federal Reserve's cybersecurity posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency's systems. To assist in the Committee's oversight of these incidents, we are writing to request a briefing and information related to these security incidents.

According to a Reuters report published this week, the Federal Reserve experienced at least 50 breaches of its information technology systems during 2011 through 2015.[1] Of the over 50 breaches identified by the Federal Reserve's National Incident Response Team (NIRT), a team of cybersecurity experts based in New Jersey, reports indicate that Federal Reserve officials suspected hackers or spies to be responsible for multiple incidents.[3] NIRT, which created the incident reports Reuters obtained through a Freedom of Information Act request, however, do not indicate whether sensitive information was obtained or whether hackers stole money.[4] Also troublesome is the fact that of the reports
provided by the Federal Reserve in response to the FOIA request, hacking attempts were cited in 1412 reports, and four hacking incidents in 2MB alone were considered acts of espionage.[5] According to reports, the incidents involving acts of espionage could not only refer to threats from foreign governments, but also spying by private individuals or companies.[5]

1 Jason Lange & Dustin Volz, Fed Records Show Dozens of Cybersecurity Breaches, Reuters (Jun. 1, 2016) (last visited Jun. 3, 2016).

NIRT, which handles higher impact cases involving Federal Reserve breaches, is charged with spearheading the response to security incidents, as well as overseeing the Federal Reserve's cybersecurity posture. Regarded as the first line of defense for the central banking system, one former NIRT member stated that, "If there's a breach of Fedwire or another critical system, they're going to wake the Federal Reserve chairman up out of bed - Anything that compromises the faith and trust in the government-backed money system." Given the especially sensitive data stored on the Federal Reserve's systems, which could be extremely valuable in the hands of foreign governments and those who seek to threaten the stability of the US financial system, the Committee is interested in learning how NIRT responds to security incidents and how the group works to prevent threats from compromising information contained on the Federal Reserve's systems.

The Federal Information Security Modernization Act of 2014 (FISMA) directs Executive Branch departments and agencies to report major security incidents to Congress within seven days. The Office of Management and Budget released guidelines on October 30, 2015 to assist with determining whether an incident should be classified as a major security breach. Because of the reporting requirement contained within FISMA and supplemented by OMB guidelines, the Committee is interested in learning additional information about the details surrounding these reported security
incidents at the Federal Reserve, as well as whether the agency has experienced any additional breaches that rise to the level of "major," triggering the congressional reporting requirement.

To assist in the Committee's oversight of the Federal Reserve's cybersecurity posture and its response to the security incidents, please contact Committee staff by June it to arrange a briefing on the matter. Please also provide the following documents and information as soon as possible, but by no later than noon on June 21316. Unless otherwise noted, please provide the requested information in unredacted format for the time frame from January 1, 2009 to the present:

1. All cybersecurity incident reports created by NIRT and local cybersecurity teams;

2. A detailed description of all confirmed cybersecurity incidents;

3. All documents and communications referring or relating to higher impact cases handled by NIRT or local cybersecurity teams;

4. All documents and communications relating to NIRT's policies and procedures for responding to cybersecurity incidents, including the incident guide;

7 Shane Harris, Meet the Fed's First Line of Defense Against Cyber Attacks, Foreign Policy (Apr. 29, 2014) (last visited Jun. 3, 2016).
3 M Federal Information Security Modernization Act of 2014, Pub. L. No. Iii-23

5. An organisational chart for the Office of the Chief Information Officer, the Office of the Chief Information Security Officer, and

The Committee on Science, Space, and Technology has jurisdiction over the National Institute of Standards and Technology, which develops cybersecurity standards and guidelines to support the implementation of and compliance with FISMA, as set forth in House Rule X.

When producing documents to the Committee, please deliver production sets to the Majority Staff in Room 2321 of the Rayburn House Office Building and the Minority Staff in Room 394 of the Ford House Office Building. The Committee prefers, if possible,
to receive all documents in electronic format. An attachment provides information regarding producing documents to the Committee.

If you have any questions about this request, please contact Lamar Echols or Caroline Ingram at 202-225 631. Thank you for your attention to this matter.

Sincerely,

Lamar Smith
Chairman

Loudermilk
Chairman
Subcommittee on Oversight

cc: Mr. Mark Bialek, Inspector General, Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau

The Honorable Eddie Bernice Johnson, Ranking Minority Member

The Honorable Don Beyer, Ranking Member, Subcommittee on

Enclosure

Responding to Committee Document Requests

1. In complying with this request, you are required to produce all responsive documents, in unredacted form, that are in your possession, custody, or control, whether held by you or your past or present agents, employees, and representatives acting on your behalf. You should also produce documents that you have a legal right to obtain, that you have a right to copy, or to which you have access, as well as documents that you have placed in the temporary possession, custody, or control of any third party. Requested records, documents, data, or information should not be destroyed, modified, removed, transferred, or otherwise made inaccessible to the Committee.

2. In the event that any entity, organisation, or individual denoted in this request has been, or is also known by, any other name than that herein denoted, the request shall be read also to include that alternative identification.

3. The Committee's preference is to receive documents in electronic form (CD, memory stick, or thumb drive) in lieu of paper productions.

4. Documents produced in electronic format should also be organised, identified, and indexed electronically.

5. Electronic document productions should be prepared according to the following standards: The production should consist of single page Tagged Image File or PDF files. Document numbers in the load file should match document Bates numbers and/or PDF file names. If
the production is completed through a series of multiple partial productions, field names and file order in all load files should match.

6. Documents produced to the Committee should include an index describing the contents of the production. To the extent more than one CD, hard drive, memory stick, thumb drive, box, or folder is produced, each CD, hard drive, memory stick, thumb drive, box, or folder should contain an index describing its contents.

7. Documents produced in response to this request shall be produced together with copies of file labels, dividers, or identifying markers with which they were associated when the request was served.

8. When you produce documents, you should identify the paragraph in the Committee's schedule to which the documents respond.

9. It shall not be a basis for refusal to produce documents that any other person or entity also possesses non-identical or identical copies of the same documents.

10. If any of the requested information is only reasonably available in machine-readable form (such as on a computer server, hard drive, or computer backup tape), you should consult with the Committee staff to determine the appropriate format in which to produce the information.

11. If compliance with the request cannot be made in full by the specified return date, compliance shall be made to the extent possible by that date. An explanation of why full compliance is not possible shall be provided along with any partial production.

12. In the event that a document is withheld on the basis of privilege, provide a privilege log containing the following information concerning any such document: the privilege asserted; the type of document; the general subject matter; the date, author, and addressee; and the relationship of the author and addressee to each other.

13. In complying with this request, be apprised that the US House of Representatives and the Committee on Science, Space, and Technology do not recognize any of the purported non-disclosure privileges associated with the common law, including but not limited to
the deliberative process privilege, the attorney-client privilege, and attorney work product protections; any purported privileges or protections from disclosure under the Freedom of Information Act; or any purported contractual privileges, such as non-disclosure agreements.

14. If any document responsive to this request was, but no longer is, in your possession, custody, or control, identify the document (stating its date, author, subject, and recipients) and explain the circumstances under which the document ceased to be in your possession, custody, or control.

15. If a date or other descriptive detail set forth in this request referring to a document is inaccurate, but the actual date or other descriptive detail is known to you or is otherwise apparent from the context of the request, you are required to produce all documents which would be responsive as if the date or other descriptive detail were correct.

16. Unless otherwise specified, the time period covered by this request is from January 1, 2009 to the present.

17. This request is continuing in nature and applies to any newly-discovered information. Any document, compilation of data, or information not produced because it has not been located or discovered by the return date shall be produced immediately upon subsequent location or discovery.

18. All documents shall be Bates-stamped sequentially and produced sequentially.

19. Two sets of documents shall be delivered, one set to the Majority Staff and one set to the Minority Staff. When documents are produced to the Committee, production sets shall be delivered to the Majority Staff in Room 2321 of the Rayburn House Office Building and the Minority Staff in Room 324 of the Ford House Office Building.

20. Upon completion of the document production, you should submit a written certification, signed by you or your counsel, stating that a diligent search has been completed of all documents in your possession, custody, or control which reasonably could contain responsive documents, and all documents located during
the search that are responsive have been produced to the Committee.

Schedule Definitions

1. The term "document" means any written, recorded, or graphic matter of any nature whatsoever, regardless of how recorded, and whether original or copy, including, but not limited to, the following: memoranda, reports, expense reports, books, manuals, instructions, financial reports, working papers, records, notes, letters, notices, confirmations, telegrams, receipts, appraisals, pamphlets, magazines, newspapers, prospectuses, inter-office and intra-office communications, electronic mail (e-mail), contracts, cables, notations of any type of conversation, telephone call, meeting, or other communication, bulletins, printed matter, computer printouts, teletypes, invoices, transcripts, diaries, analyses, returns, summaries, minutes, bills, accounts, estimates, projections, comparisons, messages, correspondence, press releases, circulars, financial statements, reviews, opinions, offers, studies and investigations, questionnaires and surveys, and work sheets (and all drafts, preliminary versions, alterations, modifications, revisions, changes, and amendments of any of the foregoing, as well as any attachments or appendices thereto), and graphic or oral records or representations of any kind (including without limitation, photographs, charts, graphs, microfiche, microfilm, videotape, recordings, and motion pictures), and electronic, mechanical, and electric records or representations of any kind (including, without limitation, tapes, cassettes, disks, and recordings), and other written, printed, typed, or other graphic or recorded matter of any kind or nature, however produced or reproduced, and whether preserved in writing, film, tape, disk, videotape, or otherwise. A document bearing any notation not a part of the original text is to be considered a separate document. A draft or non-identical copy is a separate document within the meaning of this term.

2. The term "communication" means each manner or means of disclosure or exchange of information, regardless of means utilised, whether oral, electronic,
by document or otherwise, and whether in a meeting, by telephone, facsimile, email (desktop or mobile device), text message, instant message, MMS or SMS message, regular mail, telexes, releases, or otherwise.

3. The terms "and" and "or" shall be construed broadly and either conjunctively or disjunctively to bring within the scope of this request any information which might otherwise be construed to be outside its scope. The singular includes plural number, and vice versa. The masculine includes the feminine and neuter genders.

4. The terms "person" or "persons" mean natural persons, firms, partnerships, associations, corporations, subsidiaries, divisions, departments, joint ventures, proprietorships, syndicates, or other legal, business, or government entities, and all subsidiaries, affiliates, divisions, departments, branches, or other units thereof.

5. The term "identify," when used in a question about individuals, means to provide the following information: the individual's complete name and title; and the individual's business address and phone number.

6. The term "referring or relating," with respect to any given subject, means anything that constitutes, contains, embodies, reflects, identifies, states, refers to, deals with, or is pertinent to that subject in any manner whatsoever.