NCUA Chairman Todd M. Harper Statement on Cybersecurity Briefing

As Prepared for Delivery on October 21, 2021

Ernie, thank you for providing the NCUA Board with a very informative cybersecurity update. I understand that this is your first Board meeting. So, welcome and well done! Joy and Tim, thank you for also being available to answer questions.

Like my fellow Board Members, I remain deeply concerned about the risks that cyber-attacks pose to our financial system. As Ernie and others have noted, the COVID-19 pandemic has increased cybersecurity exposures for all, including federally insured credit unions. To that end, the NCUA is committed to maintaining the resilience and readiness of the credit union system in responding to evolving cybersecurity risks. In that regard, the NCUA continues to mature and strengthen our cybersecurity program. 

As we mark National Cybersecurity Awareness Month this October, each of us — the NCUA, state supervisory authorities, vendors, and credit unions — has a responsibility to protect our systems, improve our ability to recover from incidents, educate our staff, share information, and report and address potential vulnerabilities. Phishing, ransomware, and distributed denial of service attacks are some of the many ways that cybercriminals exploit vulnerabilities within the credit union industry and the broader financial system. 

In order to raise awareness about the importance of cybersecurity, promote cybersecurity best practices, and inform credit unions about the potential threats they face, we are having this briefing today to receive updates on:

• cybersecurity threats,
• the NCUA information security examination and cybersecurity assessment program,
• cybersecurity guidance and risk alerts,
• the cybersecurity resources webpage at ncua.gov/cybersecurity, and
• industry outreach and partner engagement.

To compete, credit unions must be able to safely and securely use technology to deliver member services and adopt financial innovations to ensure the industry’s long-term success. We, therefore, must all work together to promote innovation with an emphasis on security and equity. I encourage credit unions to utilize the information-sharing groups and other resources presented in this briefing. 

Ernie, I now have some questions for you. First, what are the three most important actions a credit union — especially a small credit union — can take to maintain its cyber-resilience? Which resources should they leverage?

Thank you, and I urge credit unions to heed that advice to  protect themselves and their members. 

Ernie, I would also like to know more about the new ACET tool. Does it cost anything? Is it scalable? Will it educate credit unions about what they can do to improve cybersecurity?

That is helpful information. Finally, could you please provide us with an update on the InTREx-CU system? When will it be available? What are its capabilities?

Thank you for that update, Ernie. 

In closing, all credit unions, regardless of size, are vulnerable to potential cyberattacks. The NCUA is committed to strengthening the readiness of the credit union system to respond to these risks through our supervisory program, tools like ACET, training, and the CDRLF grant and loan programs. I look forward to continuing to work with Vice Chairman Hauptman and Board Member Hood on this important issue. 

Thank you again, Ernie. I now recognize Vice Chairman Hauptman for his comments.