Chairwoman Maloney Issues Statement on GAO Report Warning that Treasury Not Doing Enough in Fight Against Cyberattacks

Sep 17, 2020
Press Release

Washington, D.C. (Sept. 17, 2020)—Today, Rep. Carolyn B. Maloney, the Chairwoman of the Committee on Oversight and Reform, issued the following statement after the Government Accountability Office (GAO) issued a new report warning that the Department of the Treasury is failing to adequately track or prioritize cyber risk mitigation efforts in the financial services sector:

“Today’s report makes clear that Secretary Mnuchin and the Treasury Department are falling short in their responsibility to protect our nation’s critical financial services infrastructure.  Cyberattacks are becoming increasingly sophisticated and frequent, but the Department is not doing enough to ensure that priority cyber needs are addressed.  The Administration has not updated our nation’s plan to address security risks in the financial services sector since 2016, and it is now out of date.  I urge Secretary Mnuchin to implement the recommendations in this report immediately.  As the Administration’s failed response to the coronavirus pandemic makes clear, we cannot wait for a crisis to respond.  We must prepare now.”

In the report entitled, “Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts,” GAO found:

  • “Treasury does not track efforts or prioritize them according to goals established by the [financial services] sector for enhancing cybersecurity and resiliency.”
  • “The 2016 [financial services] sector-specific plan, which is intended to direct sector activities, does not identify ways to measure sector progress and is out of date.”
  • “The [financial services] sector has also faced an increase in attacks from well-organized attackers with significant resources.”
  • “Unless more widespread and detailed tracking and prioritization of efforts occurs according to the goals laid out in the sector-specific plan, the [financial services] sector could be insufficiently prepared to deal with cyber-related risks.”


116th Congress