Banks also asked to test resilience against legacy IT failures
The government should work on a programme to improve and test the resilience of banks to cyber attacks, the Bank of England’s Financial Policy Committee has recommended.
The FPC wants to see a “concrete plan in place to deliver a high level of protection against cyber attacks for each institution at the core of the financial system”, according to minutes from a meeting on 18 September.
The Committee said action plans should be in place by the first quarter of 2014, with the help of the Treasury and relevant regulators.
Recent cyber attacks on Barclays and Santander have highlighted the danger facing banks. In both cases a crook posed as an IT worker and attached a keyboard, video and mouse (KVM) remote control device to branch machines.
In the US, banks had their customer-facing systems knocked offline for prolonged periods in 2012 and 2013 by powerful distributed denial of service (DDoS) attacks.
Legacy systems, which are more prone to failure, have also caused problems for major banks, as RBS infamously found out last year.
“The threat had many dimensions and was growing,” the FPC report read. “The financial system had a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems.”
The Bank of England published a discussion paper on general stress testing of the UK banking system yesterday.
“The new stress tests will bring together expertise from across the Bank, including macroeconomists, financial stability experts and supervisors. This will materially strengthen the Bank’s analytical capability to assess risks to resilience,” said new governor of the Bank of England, Mark Carney.
Are you a security expert? Try our quiz!