UK Banks Told To Reveal Tech Meltdown Plans (bbc.com)
UK banks have been told to explain how they would cope with a technology failure or cyber-attack. From a report: The Bank of England and the Financial Conduct Authority have given financial firms three months to detail how they would respond if their systems failed. Some TSB customers were left unable to access online banking for more than a month following a botched systems upgrade in April. Banks could be ordered to take action if their plans are judged to be poor. The Bank of England and FCA have emphasised that senior management at banks will be held accountable for prolonged disruption to services.
Silly (Score:2)
Security by Obscurity (Score:2)
Re: (Score:2, Insightful)
Security by Obscurity is just another name for no security.
To make use of a rude example: Tell me your credit card number, expiration date, security code, full name, social security number, and full address.
Security often is keeping information confidential. "Security by obscurity" is a rule of thumb that only having confidentiality is insufficient. Having no confidentiality is equally insufficient.
To give an example about what might happen during a disaster recovery effort with an attacker that knows the plan: the attacker would know what services you are running,
Re: Security by Obscurity (Score:1)
Information can be secret, but process shouldn't be. If you're vulnerable to a MITM attack on the transport between main and DR sites, the problem is the lack of encryption on that link, not that someone found the route.
DR sites should be manned and monitored for physical security just as much as your main datacenter.
Re: (Score:1)
Because hiding what they would do is working so much better?
Just follow military doctrine... (Score:1)
After reading up on several large failures over the past years it seems like most UK banks' cyber-DR plans seem to be lifted straight from the military: "When in danger, when in doubt, run in circles, scream and shout"
Obligatory (Score:2)
1. Tech meltdown
2. ???
3. Profit!
Re: (Score:3)
1. Tech meltdown
2. ???
3. Profit!
1. Tech meltdown
2. Government bailout
3. Privatize profits; socialize losses
We've got too many things that are "too big to fail" . . . and the "things" know that, and are expecting their bailouts.
Not sure about the UK (Score:4, Interesting)
Re: (Score:2)
In the USA some of the options when a nationwide cybering takes place are:
1. Drive out to your cabin in the woods with its years of stored food, water filters, solar, books and wait out the city riots.
2. Find that New Zealand passport kept for just such events and call up your business jet for a holiday. Enjoy the Hobbit Trilogy movie locations while the USA riots.
3. Recall that person wh
Re: (Score:2)
Re: (Score:2)
but in the US I'd much rather hear about their plans to deal with the next economic downturn.
Profit or get bailed out.
Okay let's go back to the technical question. I think it has more meat in it.
Re: (Score:2)
but in the US I'd much rather hear about their plans to deal with the next economic downturn.
You'll find out in 9 months when the Brits still haven't gotten their act together and force a hard Brexit.
Normal banking while it's cybering outside (Score:2)
1. Open at 10 am for people to use the teller services.
2. Be nice to people who have an existing account at that bank. No opening any new account during a cyber event.
3. Get some photo ID and account details from a person who has the correct bank account with that bank branch.
4. Find paper records on file about the person and their
Re: (Score:2)
Elon, is that you?
Re: (Score:2)
Re: (Score:3)
Sorry, but aside from trying to triage/pre-screen people everything else is unlikely to work. Do you have your full account numbers available in a non-electronic form? (I do for my credit union account, but not my "real" bank account-- there I just go in and give my ID.) The banks cannot manage the volume of paper required any more-- and even if they could, the complexity of banking needs today would make a paper ledger nearly impossible for solving modern banking needs.
About the only thing you could do
Re: (Score:2)
A bank statement they got from their bank by post over the years. The card they got with their account. Photo ID.
That would provide some evidence the correct account exists at the tent outside the bank during sorting.
The bank would then have its paperwork on file during a cyber event to show the account exists and was created at that bank.
The person could then ask for a set amount of cash per day from their own account while
Re: Normal banking while it's cybering outside (Score:2)
If you have a checkbook, you already have your account number. My backup file on my local network covers the rest of the details. Otherwise, get a piece of paper and a secure place to put it.
Re: (Score:2)
Not quite. If they cannot provide the promised online banking services, they owe all customers teller service until they restore their online services. After all, it's the bank that screwed the pooch so it's the bank that needs to bear the pain.
The only reasonable alternative would be requiring the bank to give their online only customers their full balance in cash on demand and close the account.
Re: (Score:2)
During a cybering no network crypto could be trusted to work any electronic network to see if such digital accounts and customers existed.
Re: (Score:2)
That's the bank's problem. They need to have a contingency plan to deal with their own failures.
The data exists or the account wouldn't exist in the first place. If they don't have an appropriately isolated internal network, they'll need to move data on tape around.
Re: (Score:2)
Crypto will be down during a total cybering so each bank is isolated and can only trust its own paperwork.
Any attempt to network could result in contacting a fake network that supports fake bank accounts and fake crypto.
Criminals could use the cybering event to present with fake networked apps and accounts requesting cash.
A van or truck under police guard arrives with a set amount of cash for a se
Re: (Score:2)
So they'll just have to copy data to a few tapes and send them by car. Enough data to handle the contingency would easily enough fit on one LTO tape. They'll have to do that anyway for the other customers since last month's statement won't likely be up to date.
Re: (Score:2)
During a time of cybering why should a bank change its policy? Risk fraud and criminal cash flows under the cover of cybering?
The government can ask for photo ID, proof of citizenship and hand out free money every day during a cyber event.
Criminal groups could use failed crypto and criminal bank staff to
Our reach exceeds our grasp.. (Score:2, Interesting)
Every week, right here on Slashdot, we read of at least one data breach. Banks and electronic payment systems are no longer immune to it, in fact they're at least as vulnerable, if not more so, than anything else. Most of you wander around all day long, eyes glued to the Mobile Surveillance, Tracking, and Data Logging Device you call your 'smartphone'. ISPs log your DNS requests, break into your HTTPS traffic, logging and analyzing your web browsing habits, ostensibly
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Have you ever seen the movie "Cube"? - Humanity in a nutshell.
To me it seems like the only way is to create society incentivizing learning and compassion and give everybody opportunity to learn, not just skills, but to learn to be a conscience human being responsible for his/her own actions, curious, active, assertive, non violent in pursuing its goals, knowing and understanding the history and last but not least participating in the democratic process - we should be OK then. Ignorance and corruption are
Re: (Score:3)
The Human Race must evolve beyond the stage of caveman-like primitivism.
As much as Humans can be amazing and resourceful and wonderful, we're all still very, very young as sentient races go, so far as my opinion goes; we're children with high-tech toys, our technology has evolved at a rate orders of magnitude faster than our poor meat brains have, and, sadly, it shows. If we, as a species, manage to survive the next few hundred years, we might start getting past thi
Re: (Score:2)
Right at the moment, though, it's hard to maintain an attitude of hopefulness, with the way things are going.
I am still optimistic though. Considering the history, we're living in really good times so far. There are good things happening, they just are not newsworthy (our monkey brain seems to pay more attention to bad news - well, to be fair, it's a reasonable evolutionary trait). There's a song ("Strange is this world") "... however, there are more people of good will, and I deeply believe, that the world will not perish because of them ...".
Re: (Score:2)
So, what are YOU going to do NOW?
Post this. Close the tab. Read the next Slashdot Tab about Intel 5G Modems to see if there's anything other than crazy rants there.
Vendor Problems... (Score:1)
As someone who works in IT in the financial sector (in America) for the last 10 years, I have a few thoughts...
I'm sure things work the same overseas as they do here. So, unless you're among the largest banks (top 10), they all outsource their internet banking to their core vendor. The banks host the data (customer account info) but the vendor does everything else. If the bank loses connection, the vendor uses stand in (last known) data and internet banking continues. According to this, the outage was due