How to Stop Cyberattacks on the US Financial System

Today, the Treasury Department placed sanctions on Yin Kecheng, an affiliate of the People’s Republic of China Ministry of State Security, in response to his cyber-intrusion into the agency’s unclassified system. This state-backed actor was able to gain access through a third-party service provider despite the hundreds of millions of dollars invested in security after the Solar Winds cyberattack in 2020. In that incident, too, a nation-state actor leveraged a third-party vulnerability to penetrate the department’s unclassified network.

These kinds of attacks from malicious cyber actors are the greatest risk the financial system faces today. Firms spend billions of dollars every year to protect themselves from such intrusions, but individual action is neither a sufficient nor efficient way to protect the whole system. That’s why Treasury launched Project Fortress, which creates a set of shared tools to protect the financial sector and the department from cyberattacks, as well as take action to hold bad actors accountable. With more than 1,000 financial firms, it is the largest public-private partnership in the agency’s history.