WASHINGTON – Cyber-terrorists who seek to cripple or destroy the U.S.infrastructure threaten financial institutions, NCUA ChairmanDebbie Matz told a CUNA Governmental Affairs Conference audiencehere Monday morning.

“Attacks, intended to create disruption, can crash networks but can also serve as adiversion for more damaging assaults,” Matz told a packed generalsession. “Imagine cyber-terrorists stealing passwords from yourcredit union and using (it) as an entry point to gain access toevery payment system and every vendor with which you have a digitalrelationship.”

That scenario is more than just a what-if. Matz said hackersalready breached a mid-sized credit union and used the creditunion's passwords to access one of the larger credit bureaus.

“From there, the hackers stole credit reports on hundreds ofpeople who weren't even credit union members,” she said.

To help credit unions fight the threat, Matz announced a newpage on the NCUA's website that provides information, includingpreventative measures credit unions can take. The NCUA is alsoparticipating in a cyber-threat working group with otherregulators, law enforcement and intelligence communities, shesaid.

At the NCUA, Matz said, stringent security measures are in placeto protect members' information.

Matz urged officials to protect their credit unions by workingcollaboratively with their information technology teams, vendors,and other credit unions. She offered three specific ways creditunions can protect themselves from cyber terrorism:

• Implement appropriate risk-mitigation controls to betterprotect, detect and recover from cyber-attacks. This includesvendor due diligence, strong password policies, proper patchmanagement, employee training and network monitoring.
• Make sure IT staff and vendors are on top of emergingcyber-threats. Hire experts who can be counted on to answer thevery tough question: “Is my credit union really protected?”
• Get educated. Share cyber-security best practices with eachother at league meetings, chapter meetings and professional groups.Participate in national information-sharing forums.

Matz also encouraged credit unions to review the NationalInstitute of Standards and Technology cyber-security framework toevaluate how the standards could further protect credit unions andtheir members. The standards are part of President Barack Obama'scyber-security goals, she said.

Matz also touched upon interest rate risk, urging her audienceto avoid chasing short-term yields and instead keep investmentportfolios that mitigate long-term risk.

“It's easy to fall into the trap of chasing near-term profits byconcentrating your portfolio in long-term investments, but fallinginto this trap will imperil your credit union,” Matz said. “Creditunions cannot afford to ignore this,” she said. “Ignoring risingrates is like pitching a tent on the beach at low tide. That tideis shifting. This swing from unrealized gains to unrealized lossesmarks a dangerous warning of things to come.”