Project on Cyber Risk to Financial Stability (CRFS)
The Project on Cyber Risk to Financial Stability, led jointly by the Program on the Future Cyber Risks and the Initiative on Central Banking and Financial Policy has worked to foster dialogue between experts in academia, industry, and government at the intersection of cybersecurity and financial stability to strengthen resilience in the financial industry. It is led by Jason Healey, director of the Program on Future Cyber Risks and a senior research scholar at SIPA; and Patricia Mosser, director of the Initiative on Central Banking and Financial Policy and a senior research scholar and senior fellow at SIPA.
Since 2016, the project has hosted a series of engagements bringing together experts from financial institutions, the public sector including regulators and other policymakers, academics and practitioners with backgrounds in finance and cybersecurity. It has also published a number of publications and hosted two iterations of the annual Cyber Risk to Financial Stability: State of the Field Conference.
The first paper, "The Future of Financial Stability and Cyber Risk", provides a general review of cyber risk to financial stability, contains a primer on financial stability and cyber risks, and highlights how cyber risks are different from other systemic financial risks. It also summarizes previous reports and efforts of policymakers and industry addressing these issues.
The second paper, "The Ties That Bind: A Framework to Assess the Linkage Between Cyber Risks and Financial Stability", developed a unique framework to assist analysts trying to assess how specific cyber risks might affect financial stability.
The CRFS Project has achieved meaningful recognition, presenting its approach at convenings of the Atlantic Council, the International Institute of Finance and its Market Monitoring Committee, a joint session of the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council (FSSCC), and the International Monetary Fund's (IMF) "Workshop on Supervision Activities to Build Cybersecurity." The CRFS work can also be reviewed on podcast and blog for Lawfare.
With a continued partnership with the Federal Reserve Bank of New York, another State of the Field Conference will take place in 2021, along with a series of informal workshops on the issues. Work is ongoing on cybersecurity data which may be applied to macroeconomic analysis of cyber risk.
The Cyber Risks to Financial Stability Project team includes: Jason Healey, Director of the Program on Future Cyber Risks and Senior Research Scholar at SIPA; Patricia Mosser, Director, MPA Program in Economic Policy Management; Director of the Initiative on Central Banking and Financial Policy and Senior Research Scholar and Senior Fellow at SIPA; Katheryn Rosen, SIPA Adjunct Professor of International and Public Affairs and former Deputy Assistant Secretary for Financial Institutions Policy of the US Department of Treasury. The project also includes Merit E. Janow, the Dean of SIPA.
The Ties That Bind: A Framework to Assess the Linkage Between Cyber Risks and Financial Stability
Published by The Capco Institute Journal in May 2021. It builds on the 2018 "Future of Financial Stability and Cyber Risk" publication, by developing a unique framework to assist analysts trying to assess how specific cyber risks might affect financial stability.
The Future of Financial Stability and Cyber Risk
Published by the Brookings Institution in October 2018. It provides a general review of cyber risk to financial stability, contains a primer on financial stability and cyber risks, and highlights how cyber risks are different from other systemic financial risks. It also summarizes previous reports and efforts of policymakers and industry addressing these issues.
The Lawfare Blog: Cyber Risks to Financial Stability
Examines the growing momentum around the world to bring the cybersecurity and financial stability communities closer together to be better able to manage cyberattacks on banks and other institutions of the global financial system.
The Lawfare Podcast: Cybersecurity and Financial Stability
Susan Hennessey spoke to Katheryn Rosen, Jason Healey, and Patricia Mosser. They talked about how to understand financial stability, the unique risks that cyber threats pose to it, and what gaps remain in how to mitigate those risks.
Events and Workshops
June 13-14, 2019: Katheryn Rosen participated in the SEACEN Policy Summit on Central Bank Leadership in Combating Cyber Risk that brought together senior central bank and monetary authority officials, private sector representatives, chief information security officers (CISOs), and academics with regional and global thought-leaders to discuss pressing issues relating to cybersecurity, identify challenges and possible solutions, and foster networks that will help put central banks and monetary authorities in the vanguard against these looming threats.
October 10, 2018: the Atlantic Council’s Cyber Statecraft Initiative convened key stakeholders from the financial, governmental and academic communities to convene for the release of a joint report by the Brookings Institution and Columbia University’s School of International and Public Affairs, The Future of Financial Stability and Cyber Risk. The panel was moderated by Katheryn Rosen, a Senior Fellow at the Atlantic Council’s Cyber Statecraft Initiative and a Senior Research Scholar at Columbia University School of International and Public Affairs.
July 10, 2018: workshop further developed the conceptual framework established in the previous gathering and explored amplifiers and dampeners of risk by focusing on a single market - the US treasury securities market.
May 10, 2018: SIPA hosted the first of two workshops that began the process to devise and refine a cyber risk and financial stability framework, emphasizing three pillars: financial stability, cyber risk, and transmission channels between the two.
April 18, 2017: workshop intended to tie together the work on cybersecurity conducted by the financial sector with the long-existing work of academics and financial experts on financial stability and resilience. The output of this workshop would create the agenda for needed research and policy analysis in the field of financial stability implications of cyber risks.
Cyber Risk to Financial Stability: State of the Field Conference
14-15 December 2020: The CRFS hosted its second annual State-of-the-Field Conference partnership with the Federal Reserve Bank of New York.
During the virtual event, academic and industry experts in cybersecurity and financial sectors, came together to discuss the current state of the field, and considered three guiding questions: “What We're Learning?”, “What We're Doing?”, and “What's Next?” in addressing the current and future cybersecurity challenges to the financial sector. The event was a timely discussion on the current state of the field and future steps to be taken, held just days after the disclosure of the Solar Wind cyberattack, in which a hacker group, believed to be affiliated with the Russian government, gained access to the computer systems of multiple U.S. government departments, including the Treasury and Commerce department. Read more about the event on Liberty Street Economics.
12 April 2019: The CRFS hosted its inaugural State-of-the-Field Conference hosted in partnership with the Federal Reserve Bank of New York.
The day’s discussion focused on the need for a common lexicon to define and classify cyber threats and incidents. That way, the industry as a whole can assess their systemic impact and devise macroprudential risk mitigation solutions. They also highlighted the importance of collaboration and information sharing in this field. Remarks were delivered by Mr. Kevin Stiroh, Executive Vice President of the Financial Institution Supervision Group of the Federal Reserve Bank of New York.
In the News
Synopsis´s Software Integrity Blog: Mentioned "The Future of Financial Stability and Cyber Risk" on April 25, 2019. Read here.
Forbes: Katheryn Rosen quoted on the Cyber Threat to US Finance on March 20, 2019. Read here.
International Cybersecurity Dialogue: “The Future of Financial Stability and Cyber Risk” paper featured in the dialogue and praised as “a major contribution to the academy” on November 25, 2018