Quiero saber acerca de...

khammond on DSKJM1Z7X2PROD with PROPOSALS

2300

Federal Register / Vol. 86, No. 7 / Tuesday, January 12, 2021 / Proposed Rules
be viewed by clicking on the Documents tab and filtered by clicking on the Sort By drop-down on the right side of the screen or the Refine Results options on the left side of the screen. For assistance with the Regulations.gov Beta site, please call 877 3785457 toll free or 703 454
9859 MondayFriday, 9 a.m.5 p.m. ET
or email regulations@
erulemakinghelpdesk.com. The docket may be viewed after the close of the comment period in the same manner as during the comment period.
Board:
When submitting comments, please consider submitting your comments by email or fax because paper mail in the Washington, DC area and at the Board may be subject to delay. You may submit comments, identified by Docket No. R1736 RIN 7100AG06, by any of the following methods:
Agency Website: http
www.federalreserve.gov. Follow the instructions for submitting comments at http www.federalreserve.gov/
generalinfo/foia/RevisedRegs.cfm.
Email: regs.comments@
federalreserve.gov. Include docket and RIN numbers in the subject line of the message.
FAX: 202 4523819 or 202 452
3102.
Mail: Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551.
All public comments will be made available on the Boards website at:
http www.federalreserve.gov/
generalinfo/foia/RevisedRegs.cfm as submitted, unless modified for technical reasons or to remove personally identifiable information at the commenters request. Accordingly, comments will not be edited to remove any identifying or contact information.
Public comments also may be viewed electronically or in paper in 146, 1709
New York Avenue NW, Washington, DC
20006, between 9:00 a.m. and 5:00 p.m.
on weekdays.
FDIC:
Agency Website: https
www.fdic.gov/regulations/laws/federal/.
Follow the instructions for submitting comments on the Agency website.
Email: Comments@fdic.gov. Include RIN 3064AF59 in the subject line of the message.
Mail: James P. Sheesley, Assistant Executive Secretary, Attention:
Comments, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 20429.
Hand Delivery/Courier: Comments may be hand delivered to the guard
VerDate Sep<11>2014

16:31 Jan 11, 2021

Jkt 253001

station at the rear of the 550 17th Street NW, building located on F Street on business days between 7:00 a.m. and 5:00 p.m.
Public Inspection: All comments received will be posted without change to https www.fdic.gov/regulations/
laws/federal/including any personal information providedfor public inspection. Paper copies of public comments may be ordered from the FDIC Public Information Center, 3501
North Fairfax Drive, Room E1002, Arlington, VA 22226 or by telephone at 877 2753342 or 703 5622200.
FOR FURTHER INFORMATION CONTACT:
OCC: Patrick Kelly, Director, Critical Infrastructure Policy, 202 6495519, Jennifer Slagle Peck, Counsel, 202
6495490, or Priscilla Benner, Senior Attorney, Chief Counsels Office, 202
6495490, or persons who are hearing impaired, TTY, 202 6495597, Office of the Comptroller of the Currency, 400
7th Street SW, Washington, DC 20219.
Board: Nida Davis, Associate Director, 202 8724981, Julia Philipp, Lead Financial Institution Cybersecurity Policy Analyst, 202 4523940, Don Peterson, Supervisory Cybersecurity Analyst, 202 9735059, Systems and Operational Resiliency Policy, of the Supervision and Regulation Division;
Jay Schwarz, Special Counsel, 202
4522970, Claudia Von Pervieux, Senior Counsel 202 4522552, Legal Division, Board of Governors of the Federal Reserve System, 20th and C Streets NW, Washington, DC 20551. For the hearing impaired only, Telecommunications Device for the Deaf TDD users may contact 202 2634869.
FDIC: Robert C. Drozdowski, Special Assistant to the Deputy Director 202
8983971, RDrozdowski@FDIC.gov, and Martin D. Henning, Deputy Director 202 8983699, mhenning@fdic.gov, Division of Risk Management Supervision; Graham N. Rehrig, Senior Attorney 703 3143401, grehrig@
fdic.gov, and John Dorsey, Acting Supervisory Counsel 202 8983807, jdorsey@fdic.gov, Legal Division, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC
20429.
SUPPLEMENTARY INFORMATION:
I. Introduction Cyberattacks reported to federal law enforcement have increased in frequency and severity in recent years.1
These types of attacks may use destructive malware or other malicious 1 See Federal Bureau of Investigation, internet Crime Complaint Center, 2019 internet Crime Report at 5 last accessed Sept. 4, 2020, available at https pdf.ic3.gov/2019_IC3Report.pdf.

PO 00000

Frm 00002

Fmt 4702

Sfmt 4702

software to target weaknesses in the computers or networks of banking organizations supervised by the agencies.2 Some cyberattacks have the potential to alter, delete, or otherwise render a banking organizations data and systems unusable. Depending on the scope of an incident, a banking organizations data and system backups may also be affected, which can severely affect the ability of the banking organization to recover operations. The Office of the Comptroller of the Currency OCC, Board of Governors of the Federal Reserve System Board, and the Federal Deposit Insurance Corporation FDIC collectively, the agencies are issuing a notice of proposed rulemaking the proposal or proposed rule that would require a banking organization to notify its primary federal regulator when the banking organization believes in good faith that a significant computersecurity incident has occurred.3 This notification requirement is intended to serve as an early alert to a banking organizations primary federal regulator and is not intended to include an assessment of the incident.
The agencies also recognize that a computer-security incident may be the result of non-malicious failure of hardware, software errors, actions of staff managing these computer resources, or potentially criminal in nature. Banking organizations that experience a computer-security incident that may be criminal in nature are expected to contact relevant law enforcement or security agencies, as appropriate, after the incident occurs.4
Moreover, banking organizations have become increasingly reliant on bank 2 See Cybercriminals and Fraudsters: How Bad Actors Are Exploiting the Financial System During the COVID19 Pandemic: Virtual Hearing Before the Subcommittee on National Security, International Development and Monetary Policy of the U.S. House Committee on Financial Services 116th Congress 2020 written statement of Tom Kellerman, Head of Cybersecurity Strategy, VMware, Inc., available at https
financialservices.house.gov/uploadedfiles/hhrg116-ba10-wstate-kellermannt-20200616.pdf.
3 As defined by the proposed rule, a computersecurity incident is an occurrence that results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. To promote uniformity of terms, the agencies have sought to align this term to the fullest extent possible with an existing definition from the National Institute of Standards and Technology NIST. See NIST, Computer Security Resource Center, Glossary last accessed Sept. 20, 2020, available at https
csrc.nist.gov/glossary/term/Dictionary.
4 For example, a local FBI field office. See FBI, Contact Us, Field Offices, https www.fbi.gov/
contact-us/field-offices last accessed Dec. 9, 2020.

E:FRFM12JAP1.SGM

12JAP1