The official added that security by end users of electronic systems and the bank is "critical to the stability of the global financial system."
Still, the official acknowledged the Fed has no ability to control cybersecurity procedures at the roughly 250 foreign central banks around the world that have accounts at the Fed. "Every user of authenticated financial messaging traffic is ultimately responsible for its own systems," the official said. Pressed on whether the Fed should take a more aggressive role in the cybersecurity of its foreign counterparts, the official said: "I guess I'm struggling a little bit to understand in what context we would be involved."
"For example," the official said, "why would the Bank of England have any right to come into the Fed and look at the end security of our systems?"
In a 2014 operating circular issued to institutions seeking electronic connections to the Federal Reserve, the Fed wrote that those institutions should comply with security measures "required" by a reserve bank, but each one should also "exercise its own independent judgments about security and additional steps or procedures needed to prevent fraud, unauthorized access or other unauthorized use of an Electronic Connection."
That raises the question of just who is responsible for covering the loss when money is stolen from Fed accounts. In the same circular, the Fed spelled out what it considers its own liability. "The Reserve Banks are not liable for loss or damage resulting from a problem beyond their reasonable control," the Fed wrote. That includes "malware received from or introduced by any entity other than a Reserve Bank."
It's unclear whether there have been any other previous heists from accounts at the Fed. Asked whether there have been other hacking attempts to fraudulently transfer assets out of a Fed account, the official said: "I am not aware of attempts in the central bank context." CNBC then asked whether there had been hacking attempts in a non central-bank context — that is, in the accounts the Federal Reserve maintains for private banks. A Federal Reserve spokesperson declined to answer and said simply: "Check with the private banks."
The public would not necessarily know if even large amounts of money have ever been stolen from accounts at the New York Fed. The Fed says it is not bound by any disclosure requirements to report thefts. "I am not aware of any laws or regulations that require public disclosure, certainly by the Fed," the official said.