Due to the high degree of interconnectedness of financial system BofE requires cyber attack plans to be drawn up
Finextra notes that the recent BofE Financial Policy Committee meeting minutes are concerned about cyber attacks and require a plan from Banks by March 2014. Really?
Britain’s financial institutions must put concrete plans in place over the next few months to deal with the growing threat of cyber-attacks, the Bank of England has warned.
I had to go back and double check the meeting minutes for myself. Cyber attacks and Ddos are hardly new, and banks have their own plans in place today. However when I read the minutes there is a soundness to the request in that there is no coherent macro plan in place for financial systems, rather bank specific only. This immediately brings to mind payment systems which transcend all banks, and points of ownership at the border may not be at all clear.
So maybe it is overdue. Here is the relevant comment in the BofE minutes.
13. Resilience to cyber attack. The Committee had received a report from HMT, with input
from the Bank (including the PRA), the FCA and government agencies, on progress towards a
programme of work to assess, test and improve the financial system’s resilience to cyber attacks.
The threat had many dimensions and was growing. The financial system had a number of
potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised
market infrastructure, and its sometimes complex legacy IT systems. As the Committee had noted
in June, it was important that boards of financial firms and infrastructure providers recognised
their responsibility for responding to those threats, which required a combination of continuous
vigilance and investment to strengthen operational resilience.