Spy Agency Said to Help Banks Bolster Digital Defenses: Report

U.S. intelligence officials may be advising some big banks on how to shore up defenses against cyberattacks.

At least some banks that have seen their websites bog down amid a string of electronic assaults have turned to the National Security Agency for help, the Washington Post reported on Friday.

The banks are said to have pressed the nation's top spy agency for advice on how to protect their computer systems and for information about methods used in the attacks, which have swamped the websites of at least 12 banks since September and prevented customers from retrieving their accounts.

Some experts say the attacks are the work of the Iranian government, which has denied responsibility.

"Agencies like the NSA have tremendous expertise for very sophisticated types of information," an unnamed bank official told the publication.

The NSA did not respond immediately to a request for comment.

Department of Homeland Security spokesman Peter Boogaard said in an email that DHS "when called upon… collaborates with public and private sector partners, including the banking industry" to address disruptions to "critical cyber and communications networks and to reduce impacts on critical infrastructure."

Though banks long have safeguarded their networks from varied types of threats, experts say recent assaults reflect an ability by attackers to refine their approach in ways that have left banks vulnerable.

Since September, hackers have hit banks' websites with encryption requests that consume unprecedented bandwidth and processing power. Attackers also appear to be harnessing the digital horsepower of cloud computing facilities to impede banks' ability to distinguish data they need from requests they hope to repel.

Collaboration between companies and the government has precedent. In 2010, the NSA helped Google to assess an attack on the company's computers that allegedly came from the Chinese government, which was said to target Gmail accounts that belong to human rights activists. Richard George, a former NSA official, told the Post that over the past decade the agency has helped about 10 companies a year after their networks were vandalized.

Though aid to companies by the nation's spymasters can trigger privacy concerns, a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit ruled in May that the law authorizes the NSA to assess vulnerabilities in commercial technologies as part of its mission to safeguard national security.

The wave of assaults has spurred at least one bank chief to speak out about the threat and outreach to government agencies by his institution to address it. "We work closely with every government agency there is," Jamie Dimon, JPMorgan Chase's (JPM) chief executive, told the Council on Foreign Relations in October. "The CIA, the NSA, the Department of Defense — they actually know what these attacks are at the border sometimes, and we don't."

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER