Financial regulators need their own cyber-security apparatus that isn’t dependent upon GCHQ, argues the head of the Treasury Committee
The head of an influential parliamentary committee has urged a rethink of the UK’s computer security apparatus, arguing its current focus on nation-state threats leaves the financial sector without effective recourse.
Conservative MP Andrew Tyrie, chairman of the Treasury Committee, said the group was concerned about “opaque” lines of accountability for handling Internet-based threats at a time of increasingly serious attacks on banks.
Banks left exposed
While financial regulators such as the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) share responsibility for online crime with GCHQ, in practice other regulators are dependent upon GCHQ, which reports to the Foreign Secretary.
“The Foreign Secretary’s priorities may be towards the need to address state-sponsored cyber-crime and terrorism, not commercial cyber-crime and fraud,” he wrote.
He argued a new line of accountability to the Treasury should be created for Internet-based financial crime, which has “resulted in unacceptable interruptions to vital banking services, and weakened the public’s confidence in the banking system as a whole”.
Tyrie made the comments in an open letter to Ciaran Martin, chief executive of the recently created National Cyber Security Centre (NCSC), which is part of GCHQ and is intended to coordinate computer security efforts for “the people, public and private sector organisations and the critical national infrastructure of the UK”.
“It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job,” he told Reuters separately.
In the letter Tyrie made specific reference to a hack on Tesco Bank in November that resulted in the theft of £2.5 million from 9,000 customer accounts, saying the incident was “only the latest example of criminals exploiting vulnerabilities in the banking industry’s IT systems”.
He also called upon Martin to set out more specific objectives for private-sector computer security and for the renovation of banks’ dated IT systems.
Do you know all about security in 2016? Try our quiz!