NCUA Board Member Tanya F. Otsuka during a meeting of the NCUA Board.
As Prepared for Delivery on October 24, 2024
Thanks, Dave and Todd, for this briefing and your work to keep the NCUA and the greater credit union system safe from cyberattacks. As we commemorate Cybersecurity Awareness this month, we are reminded of the invisible---yet very real—threats to our credit union system. This is the perfect time to learn and start practicing, if we have not already, good cyber “habits.” Simple practices, such as having unique passwords for different systems, can go a long way in protecting the cyber infrastructure of our credit union system and the agency.
Cyberattacks come in all forms, including ransomware and even attacks to ATMs or emails, and can affect credit unions of all sizes. A credit union having to pay millions to a hacker to retrieve its own customers' data hurts credit union members, reduces trust in the greater system, and potentially negatively impacts the share insurance fund. Therefore, I am happy to support the work of your team as you implement the new cyber-incident reporting webform and continue to build out the information security examination program.
Additionally, I would be remiss if I did not highlight that the NCUA needs third-party vendor authority to fully safeguard our system of cooperative credit from cyber threats. Compared to our counterparts at the banking agencies, we lack critical oversight of third-party vendors, to which credit unions often tum to protect their data. These third parties can also be exploited as back doors into credit unions' processing systems. We've seen how our agency's lack of authority and limited insight into a critical component of the credit union ecosystem has impacted our ability to help credit unions respond to cyber-attacks in real time. It also hinders us from working with other agencies to minimize vulnerabilities in the broader financial system. I think it is imperative that we continue to work with Congress to restore this much needed authority to the NCUA.
Thank you.