OCC BULLETIN 2014-14
Subject: Distributed Denial-of-Service Cyber Attacks, Risk Mitigation, and Additional Resources
Date: April 3, 2014
To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties
Description: Joint Statement
The members of the Federal Financial Institutions Examination Council (FFIEC)1 have issued the attached joint statement to notify financial institutions of the risks associated with the continued distributed denial-of-service (DDoS) attacks and the steps that institutions are expected to take to address these attacks. The joint statement refers institutions to resources to help them mitigate the risks posed by such attacks.
The members of the FFIEC expect financial institutions to address DDoS readiness as part of their ongoing information security and incident response plans. Each institution is expected to
Questions regarding the FFIEC statement should be directed to the Office of the Comptroller of the Currency’s Bank Information Technology Division at (202) 649-6340.
Carolyn G. DuChene
1 The FFIEC members include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.