Financial market infrastructures need to strengthen their resilience to cyberthreats. An international working group of central banks under the aegis of the Bank of International Settlements (BIS) has carried out important initial work in this area in the past two years, and published its first report in November 2014.
Cyberattacks threaten the financial system
The financial sector's dependence on information technology has increased markedly. Banks and financial market infrastructures are strongly interconnected. The wholesale payment and securities systems they use make up a global network that is available around the clock. The retail payment systems used by consumers and companies, such as online and mobile banking, have also become increasingly dependent on information technology. As a consequence, the potential impact of a disruption to information systems has risen considerably.
Operational disruptions can be caused by unforeseen events, such as natural disasters and physical attacks, but also by targeted cyberattacks on systems. Hackers, criminals and terrorists may have diverse motives and deploy different means when it comes to targeting a financial institution. This may involve financial gain, but a cyberattack can also be aimed at obtaining confidential information or intentionally disrupting an operational system.
Cyberattacks on retail systems may be aimed at digital channels such as internet banking. This leads to financial losses and additional costs for security measures, investigations, liability and recovery measures after an attack. Disruptions can also have a negative effect on consumer trust in the security of digital channels. In recent years, banks in the Netherlands have taken measures to reduce online banking fraud and strengthen resilience against cyberattacks.
Cyberattacks on wholesale systems can be aimed at disprupting such systems. That is why financial infrastructures have taken measures to ensure system availability, for example by using mirrored systems with geographical separation. In the event of a disruption at one location, the system at the other will take over immediately. In addition, there is an increasing risk of cyberattacks aimed at gaining access to financial institutions' internal systems. If malware is used in a targeted attack on systems, the mirrored system will also be affected, which means that using the systems at the other location will not help to stop the attack. Combating such an attack requires supplementary measures that enable an institution to quickly detect fraudulent activities in its own systems and recover systems swiftly. For example, in the event of an integrity breach, it is important to be able to identify the point where the systems were still uncorrupted. There are also developments in systems that replicate the core functionality and do so with other technology than the primary facilities. These measures and techniques, which are being developed further, enable financial market infrastructures to improve their defences against cyberattacks.
An attack could be aimed at manipulating transactions between financial institutions, which could affect the accuracy of their financial end-of-day positions. In that case, the attack would have an impact on several parties in the transaction chain. In a worst-case scenario, this can lead to systemic risks to the financial system as a whole. That is why it is important for institutions to consider the impact of various attack scenarios on the availability, integrity and confidentiality of their organisations, operational systems and related parties. In addition, joint testing of incident response processes and recovery procedures and joint exercises play an increasingly important role in preparing for attack scenarios and aligning continuity plans.
Strengthening resilience through international cooperation
Given the typically international scope of the financial system, the potential consequences of cyberthreats extend beyond national borders. That is why international cooperation is essential. A recent example is the fact that financial institutions and enforcement agencies in major financial centres such as New York and London are now taking steps to improve information sharing and work together in a more structured way in enforcement.
Financial institutions are not alone in having to collaborate more. The same applies to authorities. Turning intention into action, a new working group was set up in September 2014 comprising of central banks and securities regulators, with DNB acting as co-chair. The objective of the working group is to determine what further steps are necessary to raise the bar across the board for measures to enhance the resilience of individual institutions and for the system as a whole.
In the mean time, the arms race continues apace given the growing stream of media reports about targeted cyberattacks. Financial market infrastructures must stay in control of the risks to their operational management – including cyber risks – at all times .