DDoS attacks have been confirmed that have taken down two credit unions and several large banks' websites. It's beenproven our entire financial system is vulnerable. While stealingpersonal information doesn't seem to have been at play, this is acritical concern for the entire financial services industry. Thetwo confirmed, targeted credit unions were able to get their sitesback up in a few hours, which is excellent news.

Consider for a moment if these attacks had not been one offs,but a coordinated and concerted effort to take down the U.S.—oreven global—banking system. It's not difficult to imagine, raisinggrave safety and soundness and national security concerns.

If this sounds far-fetched, you're wrong. In 2007 the Estoniangovernment was forced to shut down all access to governmentwebsites from IP addresses outside of Estonia when rioting spreadfrom the streets to the virtual highway, according to arstechnica.com. Estonia claimed that the DDoS attack came fromRussian government IP addresses.

The New York Times website was reportedly attacked bythe Chinese government for a period of four months, and it hasallegedly gone after other news sites reporting negative news aboutthat government.

Cyber warfare with countries, like Iran, where the group takingcredit for the DDoS attacks on the credit unions are from, wouldn'tbe bloody but it could be costly, which could turn bloody.

Meanwhile the Federal Financial Institutions Examination Councilis dilly-dallying with consumer disclosures in social media. This is heart-stoppingly out of touch consideringthe recent cyber attacks.

I will state upfront that I have no idea what a DDoS attackreally is or how to prevent one or repairs needed after the fact. Ido recognize the need to address this matter promptly as opposed tomaking sure CD account offerings via Twitter have proper TISAdisclosures and include the appropriate federal deposit insurancelogos.

Suppose the targeted credit unions were not billion-dollarinstitutions, but instead hundreds or thousands of credit unions orbanks with less than $100 million in assets that might not havebeen as well prepared and resourced. Imagine millions of depositorsand lenders unable to access their accounts online from variousinstitutions across the nation and the world for hours or even daysat once.

The result: Loss of confidence in the banking system andparticularly in the virtual world.

Part 748.1 of the NCUA regs states: “Catastrophic actreport. Each federally insured credit union will notify theregional director within five business days of any catastrophic actthat occurs at its office(s). A catastrophic act is any disaster,natural or otherwise, resulting in physical destruction or damageto the credit union or causing an interruption in vital memberservices…projected to last more than two consecutive business days.Within a reasonable time after a catastrophic act occurs, thecredit union shall ensure that a record of the incident is preparedand filed at its main office.”

The breach has to last two days before it's significant, andeven then credit unions are given five days to report it. Anunbelievable amount of damage could be wrought in that amount oftime regarding reputational and other types of risk that pack apunch to safety and soundness.

But instead of addressing this primary security issue, theregulators want to make sure financial institutions' Facebook pagesinclude TILA disclosures and don't violate UDAP.

No, consumer protection is the focus of the administration inspite of what's going on. Legislation was introduced to allowstudents relief in bankruptcy proceedings for student loan debt. Senator Durbinassailed private student lenders as the government's student loanportfolio is deteriorating, which Bloomberg reported.

And Fannie Mae and Freddie Mac, which fueled the flames in thehousing crisis, want to allow principal forgiveness on certainmortgages.

Michigan First FCU CEO Michael Poulos responded to the news,that, “Aside from bankruptcy, which is adjudicated within strictlegal guidelines and is subject to legal challenges from all theparties (particularly lenders), there has never been any aspect ofthe borrowing process whereby a borrower could simply claim acertain life circumstance and be relieved of a debt obligation.” Hecontinued that such a move would negatively impact loan pricing anddry up credit.

To be able to do this, they likely will have to charge lenders apremium. When the lenders' costs go up, they make up the differencefrom their borrowers. The government is simply taking a slice asthe middleman.

If this administration is truly concerned about consumerprotection, stop the DDoS attacks. That will provide consumersgreater peace of mind than adding more disclosures and costs toalready cumbersome financial transaction processes.