by Kaja Whitehouse, USAToday
"We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time," Lawsky said Wednesday at
He called such an attack a "cyber 9/11."
As such, he is considering new rules to force banks and insurance companies under DFS, such as
For example, Lawsky said he wants to incorporate cyber protections into the grades DFS gives the banks and insurance companies it regulates.
Financial firms "care deeply" about their grades because they can impact their ability to pay dividends or acquire other companies, Lawsky said.
Lawsky said DFS could also mandate multi-factor authentication systems for employees when logging into their internal systems. Single-step passwords "should have been dead and buried many years ago. And it is time that we bury it now," he said.
Lawsky also wants financial firms under DFS to receive guarantees from third-party vendors, who "can provide a backdoor entrance for hackers."
In his speech, Lawsky also tackled new rules he is considering to better protect against money laundering, including random audits for banks and requiring executives to certify that their monitoring is up to snuff.
"Money is the oxygen feeding the fire that is terrorism," Lawsky said. "Without moving massive amounts of money around the globe, international terrorism cannot thrive."
Yet, Lawsky said his office has already discovered some banks don't take monitoring and flagging of suspicious transactions seriously.
Indeed, British bank
Lawsky told the crowd at Columbia that DFS caught
"We basically ran the company's transactions through our own filtering system and compared the results. This was a new approach," Lawsky said, noting that regulators typically rely on self-reporting by the firms they oversee.
"What regulators have not done is actively tested the effectiveness of the filtering systems banks are using. That needs to change," he said.