Menu
Banking Exchange logo215mar2015
Menu

Cyber attacks: clear and present danger for banks

Imagine a major outage’s impact on markets

  • |
  • Written by  Chris Moschovitis, tmg-emedia
  • |
  • Comments:   DISQUS_COMMENTS
UNconventional Wisdom is a periodic guest blog where the conventional wisdom is held up for fresh inspection. If you have some "UNconventional Wisdom" to share, email scocheo@sbpub.com. UNconventional Wisdom is a periodic guest blog where the conventional wisdom is held up for fresh inspection. If you have some "UNconventional Wisdom" to share, email scocheo@sbpub.com.

Banks as well as governments make tempting targets for cyber warriors, whether they are individuals or state actors. The number and sophistication of attacks will grow and become increasingly difficult to counter.

While cyber attacks by Russia are prominent in the news, that country is not alone in excelling at cyber warfare. Many nation-states see this as the new “nuclear arms race.”

They believe, rightly so, that this is a race they can win. North Korea, Iran, and China have demonstrated their capabilities time and again. So have the U.S. and Israel. There is little doubt that practically every country is actively participating in the development, management, and deployment of cyberwarfare infrastructure. They are building massive defensive and offensive cyberwarfare capabilities.

What has made Russian cyber attacks particularly egregious is not that they are the first, but that they are a blatant, “in your face,” show of power, ridiculing the last superpower standing and thereby threatening its institutions. And the American banking system is as tempting a primary target as the World Trade Center buildings were to unsophisticated terrorists.

More to it than tech

What makes Russia’s cyber attacks particularly threatening is that they are coupled with Russia’s deep scholarship in propaganda.

I have read recent interviews from officials downplaying and demeaning Russian propaganda as “par for the course,” and “things we’ve seen before from the Russians.”

If so, then we have not learned from history, and that will cost us dearly. We have been badly defeated and ridiculed by what we all thought was a vanquished enemy of a cold war gone dead. In my view, news that the enemy is simply practicing an old form of state-craft is merely a manifestation of unrealistic optimism, for the cold war is not only still with us, but it is being waged at a far more sophisticated level than ever before.

On April 4, 1949, with the memories of the Second World War brutally fresh, an alliance was formed between the U.S., Canada, and several European countries—the North Atlantic Treaty Organization (NATO).

Article 1 of the treaty reads: “The Parties undertake, as set forth in the Charter of the United Nations, to settle any international dispute in which they may be involved by peaceful means in such a manner that international peace and security and justice are not endangered, and to refrain in their international relations from the threat or use of force in any manner inconsistent with the purposes of the United Nations.”

Want more banking news and analysis?

Get banking news, insights and solutions delivered to your inbox each week.

Many more treaties followed, and the world’s “doomsday clock” reflected the threat: 7 minutes to midnight in 1947. 3 minutes in 1949, after the first USSR nuclear test. 17 minutes—the lowest value—in 1991. Now, it is back to 3 minutes to midnight.

The lowest value, 17 minutes to midnight, was reached when the world thought the cold war to be over, and the U.S. and Russia were engaged in nuclear arms reduction. Since 2015 it is back to 3 minutes as “Unchecked climate change, global nuclear weapons modernizations, and outsized nuclear weapons arsenals pose extraordinary and undeniable threats to the continued existence of humanity,” and yet world leaders fail to act.

Cyber warfare is real

Sadly, this is not their only failure. As catastrophically serious as both climate change and nuclear arsenals are, a third blight has surfaced: Cyber warfare.

Most think that hacking or cyber warfare is a threat, but not the kind of threat that can destroy institutions. They are deadly wrong.

Acts of cyber warfare may have proven devastating in the Ukraine, when Russian hackers attacked that country’s power grid leaving almost a quarter million residents without electricity.

We and our ally, Israel, via Stuxnet, launched a major cyber attack on Iran’s centrifuges at one of its nuclear enrichment facilities. It could happen to us just as easily.

Less dramatically, numbers of retail chains have been attacked, resulting in the loss of millions of dollars and consumer confidence. If such acts continue, then major retailers may disappear.

Off the grid—and not by choice

Consider what would happen if the electrical grid was hacked and the country, or regions, went dark for weeks on end. Ted Koppel did so in his Lights Out: A Nation Unprepared, Surviving The Aftermath, and the implications are devastating.

Consider the ramifications of hacking medical records and facilities, water purification plants, traffic control, or telecommunications.

Now think what would happen if the Federal Reserve Bank or the too-large-to fail banks were hacked. The panic in financial markets would be contagious and significantly more disruptive than anything we witnessed during the 2008 meltdown.

Are CEOs listening?

I have no doubt that there are brilliant minds working around the clock, continuously analyzing and responding to threats. They regularly advise CEOs of banks and brokerages.

But, I know from my business experience, that advice often falls on deaf ears. There are countless numbers of executives who don’t want to hear about the risks of cyber warfare. It was not surprising for me to learn, for example, that former President Obama and his aides took no action in the face of Russian hacking during our last national election.

It is time for a concentrated effort in to defend not just banking and corporate America, but also of humanity itself. Leaders in industry and government need to be educated and ever alert of the dangers we will have to withstand. Corporate leaders, particularly our highest profile bankers, need to be sensitized to the dangers of cyber attacks; in short they need a new version of “duck and cover” for the cyber age.

A cyber attack on our financial institutions should be considered an attack on the very foundations of America. The U.S. and its allies must recognize the dangers of cyber actor proliferation and take immediate and decisive action.

My Cyber Clock is set to 1 minute to midnight, and the seconds are ticking… Banks are now in range for the most destructive of cyber attacks. They shouldn’t wait for a version of a Pearl Harbor cyber attack. The devastation would greater than anything we have ever witnessed.

About the author

Chris Moschovitis is co-author of History of the Internet: 1843 to the Present,” as well as a contributor to the Encyclopedia of Computers and Computer History and the Encyclopedia of New Media. He is cyber security and governance certified (CSX, CISM, and CGEIT), and an active member of ISACA, ISSA, and IEEE. He is CEO of tmg-emedia, and personally leads the cyber security and consulting teams. He can be reached at Chris.Moschovitis@tmg-emedia.com

back to top

Sections

About Us

Connect With Us

Resources