Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2014-14 | April 3, 2014

Distributed Denial-of-Service Cyber Attacks, Risk Mitigation, and Additional Resources: Joint Statement

To

Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties

Summary

The members of the Federal Financial Institutions Examination Council (FFIEC)1 have issued the attached joint statement to notify financial institutions of the risks associated with the continued distributed denial-of-service (DDoS) attacks and the steps that institutions are expected to take to address these attacks. The joint statement refers institutions to resources to help them mitigate the risks posed by such attacks.

Highlights

The members of the FFIEC expect financial institutions to address DDoS readiness as part of their ongoing information security and incident response plans. Each institution is expected to

  • monitor incoming traffic to its public Website,
  • activate incident response plans if it suspects that a DDoS attack is occurring, and
  • ensure sufficient staffing for the duration of the attack, including the use of previously contracted third-party services, if appropriate.

Note for Community Banks

Community banks should ensure that their in-house information technology units or their service providers are taking appropriate action to mitigate this risk.

Further Information

Questions regarding the FFIEC statement should be directed to the Office of the Comptroller of the Currency’s Bank Information Technology Division at (202) 649-6340.

 

Carolyn G. DuChene
Deputy Comptroller for Operational Risk

Related Links

1  The FFIEC members include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.,/p>