Source: by David Milliken for Thomson Reuters, June 16
A state-backed cyber–attack could secretly corrupt the records of British financial institutions over a period of months, posing a risk that banks would probably struggle to guard against on their own, a senior Bank of England policymaker said.
Banks have focused mainly on stopping service outages, but the falsification of transaction records and other data was an even bigger danger, Anil Kashyap told lawmakers on Tuesday.
“If you wanted to do maximum damage, that is what you would probably do if you were a state actor,” he told a parliament committee.
Britain’s security services have warned about the risk of cyber–attacks by Russia and other countries, and the BoE has urged banks to boost their preparedness to avoid disruption to one of the world’s largest financial centres.
But British financial institutions might not be able to guard against this type of attack on their own, Kashyap said.
“If you think it is a state actor, I don’t know if you think any particular firm can defend itself,” he added.
Attacks on bank records would be especially damaging as it would not be easy to identify which records were accurate and which had been corrupted.
“You have this difficult situation where you have to restore the system, where you could be restoring a corrupt system,” Kashyap said.
Financial institutions also risked focusing too much on dangers that would damage their individual reputations, rather than threats to the system as a whole, such as over-reliance on a handful of providers of cloud computing services.
“I don’t really care if bank ‘x’ is offline for a week, even if it’s disastrous for their share price, if the services that they provide, that are critical, can be delivered in some other way,” Kashyap said. “What is tricky is it could be the case that the (bank) board’s incentives of what to worry about are misaligned with the general incentives.”
He also said the BoE would keep a close eye if major technology firms begin to rapidly gain market share in financial services.
Earlier on Tuesday, Facebook said it was launching a digital currency and payment service for its users.
Kashyap, a finance professor at the University of Chicago, was speaking to parliament’s Treasury Committee which was examining his reappointment to the BoE’s Financial Policy Committee, which monitors risks to the banking system.