Federal Deposit Insurance Corporation
Office of Inspector General

Special Inquiry Report Prepared for Honorable Richard Shelby, Chairman, Committee on Banking, Housing, and Urban Affairs, U.S. Senate (Report No. OIG-17-001)

This is the accessible text file for FDIC OIG report entitled 'Special Inquiry Report Prepared for Honorable Richard Shelby, Chairman, Committee on Banking, Housing, and Urban Affairs, U.S. Senate (Report No. OIG-17-001), November 07, 2016'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

[FDIC OIG letterhead, FDIC logo, Federal Deposit Insurance Corporation, Office of Inspector General, 3501 Fairfax Drive, Arlington, Virginia 22226 ]

TRANSMITTED VIA ELECTRONIC MAIL

November 7, 2016

Honorable Richard Shelby, Chairman, Committee on Banking, Housing, and Urban Affairs, U.S. Senate

Washington, D.C. 20510-6075

Dear Chairman Shelby:

In our letter to you, dated July 29, 2016, and in response to a request from your staff, we committed to examine allegations that instructions were given to Federal Deposit Insurance Corporation (FDIC) employees to obscure an advanced persistent threat (APT) occurring in 2011 and/or delay remediating it because of the timing of the FDIC Chairman's confirmation process. In furtherance of our Special Inquiry into this matter, we interviewed nine people, collected relevant documents from witnesses, and judgmentally searched and reviewed thousands of emails.1 Our work on this request is now complete and we write to report our findings. In brief, although there is evidence that the FDIC's then-Chief Information Officer (CIO) made a remark concerning the Chairman's pending confirmation during a discussion of the remediation process, we were unable to substantiate that the remark or the impending confirmation affected either remediation or disclosure of the APT.

Footnote 1: Specifically, we obtained emails, calendar items, and other documents about the APT from the five DIT employees who recalled the then-CIO's remark about the status of the Chairman's confirmation. We searched the FDIC's email vault for relevant emails to or from the then-CIO and then-CISO and performed a judgmental review. We also ran keyword searches against the entire corpus of the FDIC email vault (which includes emails to and from those with fdic.gov email addresses back to January 1, 2008) and reviewed all search results.

During the course of our Special Inquiry, we learned that a meeting concerning the APT took place in the then-Chief Information Security Officer's (CISO) office during August or September 2011. Seven people were present: the then-CISO, the then-CIO, and five other Division of Information Technology (DIT) employees. The then-CISO reported that he had received advice from other CISOs in government and industry to shut the entire FDIC network down in order to remediate the APT. The group discussed the possibility of a weekend shutdown, perhaps over the upcoming 3-day Veterans Day weekend.2

Footnote 2: In terms of timing, the now-Chairman's nomination hearing before the Committee on Banking, Housing, and Urban Affairs of the U.S. Senate was held on July 26, 2011. The Chairman was ultimately confirmed on November 15, 2012.

We interviewed all seven people present at the meeting. Five of them recalled that when asked by a DIT staff member in attendance what the Chairman's Office thought of a potential 3-day shutdown, the then-CIO smiled and said, "we have an Acting Chairman that wants to be appointed," or words to that effect. The then-CISO did not recall the then-CIO making such a statement.3 The then-CIO did not recall making such a statement and stated that if he did so, it would have been a "facetious," "light-hearted," or "off-the-cuff" comment. The then-CIO further stated that the Chairman's pending confirmation did not influence any of his decisions about remediating the APT. Finally, the then-CIO stated that no one from the Chairman's Office ever attempted to influence the APT remediation efforts.

Footnote 3: Another witness recalled hearing about the then-CIO's comment from the meeting second-hand from the then-CISO, but did not have evidence that the remediation plans ultimately were influenced by the Chairman's confirmation process.

After the meeting, DIT continued to plan for a 3-day shutdown, which became known internally as the "Big Bang Weekend." A number of interviewees reported that DIT, in consultation with the then-CIO and then-CISO, ultimately postponed, and did not reschedule, the shutdown because they believed that other, less disruptive, technical solutions were available to remediate the APT.

Although some of those we interviewed disagreed with the decision to forgo the weekend shutdown, none could point to evidence that there was a connection between the then-CIO's alleged comment and the decision to cancel the Big Bang Weekend. Therefore, we are not able to establish a causal relationship between the alleged comment and the decision not to go forward with the Big Bang Weekend.

Those we interviewed acknowledged that facts about the APT were closely held. Most believed that this was due to the security concerns associated with still having an active threat actor in the system. The then-CISO also told us there was a general concern about undercutting confidence in the FDIC and the banks during the then-ongoing banking crisis. He did not relate that concern to the Chairman’s confirmation process.

We found no evidence that the then-CIO, or other individuals, made any similar comments at other points in time about the Chairman’s confirmation process. Equally, we have not found evidence that the Chairman or the Chairman’s Office attempted to obscure, or influence the remediation of, the APT based on the status of his confirmation process. During his testimony at the July 14, 2016 hearing before the Committee on Science, Space, and Technology of the U.S. House of Representatives, the Chairman stated directly that he was unaware of any such allegation prior to reading it in the Committee’s Interim Report, issued one day before the hearing. The Chairman also told our office that he never asked anyone to obscure or delay remediating the APT based on the timing of his confirmation process or for any other reason.

If you have any questions, please feel free to contact me at 703-562-6339 or fgibson@fdic.gov. Regina Sandler of my staff is also available to assist you and can be reached at 703-562-2727 or rsandler@fdic.gov.

Sincerely,

Fred W. Gibson, Jr. /Signed/, Acting Inspector General

cc: Honorable Sherrod Brown, Ranking Member
Committee on Science, Space, and Technology of the U.S. House of Representatives
Committee on Financial Services of the U.S. House of Representatives

[End of letter]
