UK Banks Told To Reveal Tech Meltdown Plans

UK banks have been told to explain how they would cope with a technology failure or cyber-attack. From a report: The Bank of England and the Financial Conduct Authority have given financial firms three months to detail how they would respond if their systems failed. Some TSB customers were left unable to access online banking for more than a month following a botched systems upgrade in April. Banks could be ordered to take action if their plans are judged to be poor. The Bank of England and FCA have emphasised that senior management at banks will be held accountable for prolonged disruption to services.

Silly

[p51d007]

Yeah, tell how they would do it, then anyone that would try to "melt down" the tech sector or a cyber attack would know how they could scoop in and clean up. Real smart.

Re:Silly

Actually bank outages have never been MORE common, and the systems behind them, also broken

True issues are no backups, partial backups, backups on the same device as the real data - nah remote storage costs too much, or discovering their hot site cant switch back.
Oh and loose power is a biggie - See British Airways.

The one thing they will NOT do is interview old hands who have been let go/retired and investigate those claims, or calculate the time needed to restore, then sync with other systems, assuming the journals were not corrupted/db's with dirty flags etc.

Re:Silly

[Desler]

Because hiding what they would do is working so much better?

Accountability

"The Bank of England and FCA have emphasised that senior management at banks will be held accountable for prolonged disruption to services." - what exactly happened to senior management at TSB? Absolutely nothing!

The CEO was talking out of his backside about fixing the problem (I loved how he said IBM would fix the problem in 3 days or something). It dragged on for so long it was pathetic.

Re:Accountability

This is one of the reasons I'm splitting my finances between 2 unrelated banks (a number of banks in the UK are owned by the same parent company and probably share the same infrastructure). If it happens to both of the banks, well, I'll keep my money under my mattress in that case :)

Re:Accountability

Bitcoin

Re:Accountability

lol....

Put it all in the blockchain.

And put the private keys in the DNA of genetically modified tulips.

Just follow military doctrine...

[ksw_92]

After reading up on several large failures over the past years it seems like most UK banks cyber-DR plans seem to be lifted straight from the military: "When in danger, when in doubt, run in circles, scream and shout"

Re:Just follow military doctrine...

After reading up on several large failures over the past years it seems like most UK banks cyber-DR plans seem to be lifted straight from the military: "When in danger, when in doubt, run in circles, scream and shout"

so brits are proud of the fact that they are useless idiots who would be ruled by nazis without US help

Security by Obscurity

[Comboman]

Security by Obscurity is just another name for no security. Forcing the banks to be transparent about their processes at least makes it possible that problems can be found before they're exploited.

Re:Security by Obscurity

Security by Obscurity is just another name for no security.

To make use of a rude example: Tell me your credit card number, expiration date, security code, full name, social security number, and full address.

Security often is keeping information confidential. "Security by obscurity" is a rule of thumb for only having confidentiality is insufficient. Having no confidentiality is equally insufficient.

To give an example about what might happen during a disaster recovery effort with an attacker that knows the plan: the attacker would know what services you are running, where, the configurations; where the cold/warm/hot site is, it's configuration, it's security, and how data gets there. Imagine how easy it would be for an attacker to set up a MITM between a main site and a recovery site, or just physically infiltrate and compromise the hardware when he knows no one will be there.

Giving out your recovery plan is no wiser than a general that gives the enemy army his battle plan.

Re: Security by Obscurity

Information can be secret, but process shouldn't be. If you're vulnerable to a MITM attack on the transport between main and DR sites, the problem is the lack of encryption on that link, not that someone found the route.
DR sites should be manned and monitored for physical security just as much as your main datacenter.

Obligatory

[nwaack]

1. Tech meltdown
2. ???
3. Profit!

Re:Obligatory

[PolygamousRanchKid+]

1. Tech meltdown

2. ???

3. Profit!

1. Tech meltdown

2. Government bailout

3. Privatize profits; socialize losses

We've got too many things that are "too big to fail" . . . and the "things" know that, and are expecting their bailouts.

Re:Obligatory

1. Tech meltdown

2. Intel ???

3. Bailout for Banks and Intel!

Like every other Government or Corporate "plan"

Change in operational cost? <----------,
NO: alter the product for no reason ---'
YES: cost went down ---> pocket the difference
YES: cost went up ---> pass the expense onto customers

Not sure about the UK

[rsilvergun]

but in the US I'd much rather hear about their plans to deal with the next economic downturn. Our right wing just repealed one of the major regulations here (Dodd Frank) that was passed to prevent another 2008 style crash. I've noticed that whenever we do something boneheaded Britain's right wing seems to take notes...

Re:Not sure about the UK

[AHuxley]

That Electronic benefit transfer (EBT) stops working in the USA? No more digital Nutrition Assistance Program?
In the USA some of the options when a nation wide cybering takes place are:
1. Drive out to your cabin in the woods with its years of stored food, water filters, solar, books and wait out the city riots.
2. Find that New Zealand passport kept for just such events and call up your business jet for a holiday. Enjoy the Hobbit Trilogy movie locations while the USA riots.
3. Recall that person who could have had a cabin in the woods with a few years of food and ask them for an invite.

Re:Not sure about the UK

How about how Venezuela plans to deal with their economic downturn?
Brazil?

The left wing's solution to everything is raid the rich people coz they always have enough money and when that runs out the solution is to... kill the people who are using up all the resources.

I've noticed that whenever your leftist ideology results in bone-headed real world results you ignore it and keep saying "Next time it'll be REAL communism!"

Re:Not sure about the UK

[AHuxley]

See movies like the Road and the movie Mad Max.

Re:Not sure about the UK

[thegarbz]

but in the US I'd much rather hear about their plans to deal with the next economic downturn.

Profit or get bailed out.

Okay let's go back to the technical question. I think it has more meat in it.

Re:Not sure about the UK

[Nidi62]

but in the US I'd much rather hear about their plans to deal with the next economic downturn.

You'll find out in 9 months when the Brits still haven't gotten their act together and force a hard Brexit.

anybody into the hotwife scene?

Trying to convince my girlfriend to watch and take pictures while I get fucked by a well-hung bull. She freaked out when I suggested it. I never took her for a homophobe.

Re:anybody into the hotwife scene?

Pro-tip: Don't bother unless you want to spend the rest of your life alone, and if you mean a bovine, good luck not getting seriously hurt, and if a pit bull, you could spend the rest of your life getting pounded by him, but forget getting a girlfriend. If you meant getting screwed by a guy, well you could enjoy it once or twice until he no longer gives a damn about you or starts manipulating you.

Normal banking while its cybering outside

[AHuxley]

0. Create a pre banking sorting tent outside. Got an account at the bank? Got a savings account at that branch that supports teller services? The bank is open for you.
1. Open at 10 am for people to use the teller services.
2. Be nice to people who have an existing account at that bank. No opening any new account during a cyber event
3. Get some photo ID and account details from a person who has the correct bank account with that bank branch.
4. Find paper records on file about the person and their account.
5. Support the account holder with their banking needs that day as they can show they have the correct account type that offers bank teller services.

Banks are going to need secure paper work every day on every account that was ever opened at that location.
An online all digital bank accounts, apps would not need to work as such services never supported that type of bank service. That would reduce the amount of service needed for all other bank accounts. Types of savings accounts only get support.
No support for international bank accounts as they are not what that bank branch created.
The only service a bank has to support is the accounts opened in that branch and of an account type that a bank teller has always supported.
The display of piggy banks and colourful banking related images is relaxing while account holders wait in line.
Lots of police to keep away the non bank customers and non supported account holders well away from people using their bank accounts.
A gov can set a max cash limit to each account per day while it is cybering. That would set a rate and amount of cash needed to be transported each day to support a set of savings accounts per bank branch.

Re:Normal banking while its cybering outside

[xxxJonBoyxxx]

>> 0. Create a pre banking sorting tent outside.

Elon, is that you?

Re:Normal banking while its cybering outside

[AHuxley]

Big tents can offer solutions to many cyber related problems. With banking and cyber its just the size of the tent near the bank and the number of police needed.

Re:Normal banking while its cybering outside

[aaarrrgggh]

Sorry, but aside from trying to triage/pre-screen people everything else is unlikely to work. Do you have your full account numbers available in a non-electronic form? (I do for my credit union account, but not my "real" bank account-- there I just go in and give my ID.) The banks cannot manage the volume of paper required any more-- and even if they could, the complexity of banking needs today would make a paper ledger nearly impossible for solving modern banking needs.

About the only thing you could do is try to revert to batch settlement via a redundant system. You would have to shut down ATMs, and I don't think there is any viable way to do bill payment and similar types of services. The links to direct-deposit paychecks would be almost impossible to manage as well if a bank is truly hosed.

I'm all for redundant arrays of irresponsible banks.

Re:Normal banking while its cybering outside

[sjames]

Not quite. If they cannot provide the promised online banking services, they owe all customers teller service until they restore their online services. After all, it's the bank that screwed the pooch so it's the bank that needs to bear the pain.

The only reasonable alternative would be requiring the bank to give their online only customers their full balance in cash on demand and close the account.

Re:Normal banking while its cybering outside

[AHuxley]

Re "Do you have your full account numbers available in a non-electronic form?"
A bank statement they got from their bank by post over the years. The card they got with their account. Photo ID.
That would provide some evidence the correct account exists at the tent outside the bank during sorting.
The bank would then have its paperwork on file during a cyber event to show the account exists and was created at that bank.
The person could then ask for a set amount of cash per day from their own account while the cybering lasted.
Re "The banks cannot manage the volume of paper required any more-- and even if they could, the complexity of banking needs today would make a paper ledger nearly impossible for solving modern banking needs."
Thats why only accounts created in that bank and for accounts that have teller support need to be allowed in during cybering.
No networks needed as its cybering. Just the paper files created in that bank.
A set of supported accounts created at that bank would be printed out and be on file.
Re 'bill payment and similar types of services"
The daily cash allowed would be enough to pay for food and other needed items from a shop. Citizens with ID, ATM cards and online banking apps with no way to get more cash would have to line up for the gov to hand out food.

Re: Normal banking while its cybering outside

[nitehawk214]

If you have a checkbook, you already have your account number. My backup file on my local network covers the rest of the details. Otherwise, get a piece of paper and a secure place to put it.

Re:Normal banking while its cybering outside

[AHuxley]

Not if that account type never supported such services. The banks would be open for teller supported accounts from each bank branch.
During a cybering no network crypto could be trusted to work any electronic network to see if such digital accounts and customers existed.

Re:Normal banking while its cybering outside

[sjames]

That's the bank's problem. They need to have a contingency plan to deal with their own failures.

The data exists or the account wouldn't exist in the first place. If they don't have an appropriately isolated internal network, they'll need to move data on tape around.

Re:Normal banking while its cybering outside

[AHuxley]

The contingency plan is to look after a set of customers who hold the correct paperwork and account types.
Crypto will be down during a total cybering so each bank is isolated and can only trust its own paperwork.
Any attempt to network could result in contacting a fake network that supports fake bank accounts and fake crypto.
Criminals could use the cybering event to present with fake networked apps and accounts requesting cash.
A van or truck under police guard arrives with a set amount of cash for a set of a banks own account holders.

A government could set up a system for people to show they are citizens, their ID and give out a set amount every day.
That would be for a government to do. Re "data on tape around"? The power supply might not be working. Any central location could have been infected with malware before or as part of a cybering event. All later data added to or trusted from that tape could be used to criminal groups. It could also move malware from bank to bank.

Re: Normal banking while its cybering outside

Yeah but why can't this be done indoors. It's not like the "hacker signals are coming from inside the building."

Re:Normal banking while its cybering outside

[sjames]

So they'll just have to copy data to a few tapes and send them by car. Enough data to handle the contingency would easily enough fit on one LTO tape. They'll have to do that anyway for the other customers since last month's statement won't likely be up to date.

Re:Normal banking while its cybering outside

Not if that account type never supported such services.

If the account type is "online only", and the bank refuses to provide said "online only" service, what possible argument could you make that shows the type of account matters?

If it mattered to them, they must provide the service you are paying for,
They aren't, so it doesn't matter.

That is both theft in the most direct form, and fraud for accepting payment for a service they don't provide.

I don't know about the UK, but in the US the bank would be bending over backwards to accommodate your wrong account type just to prevent that type of legal claim against them.
Here, once you steal $10k, there is a minimum mandatory prison sentence involved. The judge has NO choice but to give at least that minimum sentence.
No bank exec wants to go to prison, locked up with all sorts of people that personally blame them for their woes.

Re:Normal banking while its cybering outside

[AHuxley]

AC the bank gave the person a list of products and services. When the person selected an online online back account they understood that account would only ever work with the needed "internet" part.
During a time of of cybering why should a bank change its policy? Risk fraud and criminal cash flows under the cover of cybering?
The government can ask for photo ID, proof of citizenship and hand out free money every day during a cyber event.

Criminal groups could use failed crypto and criminal bank staff to get money out of a bank under the cover of wide scale cyber events.
After the cyber event a bank would have to tell online account users someone with the correct crypto at that time collected from all their accounts?

A gift for you rotten bastards... apk

See subject: APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between characters & download).

Yields more security/speed/reliability/anonymity vs. any SINGLE solution (99% of threats = hostnames vs. IP address that most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

(Vs. "Bolt on 'MoAr' illogic-logic" competitors slowing you, hosts speed you up 2 ways (adblocks + hardcodes u spend most time @) vs. competition loaded w/ bugs (DNS/AntiVir) + their overheads (messagepass ('souled-out' to advertiser addons) + filtering drivers) & their complexity leads to exploitation).

* ONLY 1 of its kind in GUI on Linux/BSD!

(Much better vs. Windows model in speed & efficiency + new "merge" feature)

APK

P.S.=> I use Firefox on Linux & it works like a DREAM w/ hosts. Too bad you rotten bastard JEALOUS JOWIES keep abusing downmodpoints to censor me... apk

Threatening the banks?

How stupid are you?

Re: Threatening the banks?

You might be stupid but are you Kennedy stupid? You know what they do to Kennedys?
If they can't drive you insane they will just snipe you.

Our reach exceeds our grasp..

[Rick+Schumann]

..and greed has poisoned everything.

Every week, right here on Slashdot, we read of at least one data breach. Banks and electronic payment systems are no longer immune to it, in fact they're at least as vulnerable, if not more so, than anything else. Most of you wander around all day long, eyes glued to the Mobile Surveillance, Tracking, and Data Logging Device you call your 'smartphone'. ISPs log your DNS requests, break into your HTTPS traffic, logging and analyzing your web browsing habits, ostensibly to 'insert targeted advertising', but all that Personally Identifiable Data still remains. The NSA/CIA/DHS/{insert gov agency here} pays companies like AT&T for direct access to Internet backbone traffic for the specific purpose of surveilling everything that happens on the Internet, everywhere. So-called 'social media' like Facebook exist solely as honeypots to not just collect people's Personally Identifiable Data, but to encourage them to volunteer it, and they pioneer new methods to extract data from people, whether they're willing or not. Most every country on the planet that can afford one has a cyber-warfare division of their military, and they're actively and continually working to break into corporate, government, and vital infrastructure systems.

We are living in a house of cards. All it will take is One Stiff Breeze to blow it all down, perhaps taking our entire civilization down with it.
What are you all going to do then?

People rely more and more on 'automation' and mechanized 'conveniences' instead of learning skills themselves.
When all the machines stop working, what will you all do then? Sit around and wait for the Repairman that will never come?

There is no species that is the natural predator of Humans; we are our own predators, though.
It only follows that the 'extinction-level event' that gets us will be caused by Humans.
What will you all do then?

The point of all this verbage is this: We need to change the way we do things, and we need to do it starting NOW.
Do I have all the answers? Hell, no I don't! I don't even have some of the answers! But I can see that we're at a critical point where something is going to break in a big, bad way, but there may still be time to head it off.

So, what are YOU going to do NOW?

Re:Our reach exceeds our grasp..

[rtb61]

Nuthin' because as you well know, doing something costs money and doing nuthin' cost nuthin' and boosts this quarter bonus. Don't expect anything to change until regulations force it and don't expect regulations until it fucks up really bad. Likely the next major solar flare, which half of the planet, gets pretty digitally fucked up, just a matter of waiting to find out.

Re:Our reach exceeds our grasp..

[Rick+Schumann]

Of course you know I agree with you 100%, right? Why do you think I carry cash and pay cash for everything I can? Reduces my overall risk of getting caught in one 'data breach' or other that will expose access to my bank account. Even then the Equifax breach probably screwed me anyway, likely dozens of criminal organizations have all my Very Personal Data sitting on a storage device somewhere, and the only reason they haven't fucked me over with it is because I'm too poor to bother over. Guess we'll see what happens won't we? As you say: there'll have to be some major event happen before The Masses get their torches, pitchforks, pointed sticks, and what-not, and go out in the streets in force and demand something be done. Might be too late by then.

Re:Our reach exceeds our grasp..

I treat banks as a necessary evil. I never keep money in my account. I use credit cards to pay for everything and simply pay them off after every direct deposit from my employer. I withdraw everything that remains at an ATM. I always have all of my cash, it is never at the mercy of some government/hacker/catastrophe/etc. And in the event a major catastrophe wipes out the financial sector, everything on credit that has not been paid will essentially become free money I won't have to pay back. Win.

Re:Our reach exceeds our grasp..

Listen, what you're feeling is not unique or novel. Everybody feels it sometimes. It's like that thought you sometimes have when you're driving on a road with a steep cliff on one side. What if I veer off the road now? And then you don't do it, of course, but what if. Division of labor has a similar effect. It makes you feel bereft of control, dependent on things that could go wrong and there's nothing you could do about them. And then, normally, you realize that you can't exist independently of others no matter what you do, and you carry on. The few who don't come to that realization become preppers, hermits and dropouts.

Re:Our reach exceeds our grasp..

[AlwinBarni]

Have you ever seen the movie "Cube"? - Humanity in a nutshell.

To me it seems like the only way is to create society incentivizing learning and compassion and give everybody opportunity to learn, not just skills, but to learn to be a conscience human being responsible for his/her own actions, curious, active, assertive, non violent in pursuing its goals, knowing and understanding the history and last but not least participating in the democratic process - we should be OK then. Ignorance and corruption are very serious diseases for any society.

Also psychology should be part of the basic curriculum, people should know how inherently biased and vulnerable to manipulation we all are. If we knew ourselves better, we would be less prone to exploitation and more understanding to others.

Re:Our reach exceeds our grasp..

I'm going to hope that by the time we create our god machine we've figured out how to program it to value human life more than most humans do. If we, instead, manage to destroy the electronic infrastructure we've devoted decades to building? Meh. I know how to farm so I'll at least have some minor value in the post-e-world. The real question then is what is it YOU are doing right now?

Re:Our reach exceeds our grasp..

[Rick+Schumann]

I agree with what you're saying, but allow me to attempt to distill what you just wrote down to a single sentence:

The Human Race must evolve beyond the stage of caveman-like primitivism.

As much as Humans can be amazing and resourceful and wonderful, we're all still very, very young as sentient races go, so far as my opinion goes; we're children with high-tech toys, our technology has evolved at a rate orders of magnitude faster than our poor meat brains have, and, sadly, it shows. If we, as a species, manage to survive the next few hundred years, we might start getting past this Caveman stage we're still, apparently, stuck in. Right at the moment, though, it's hard to maintain an attitude of hopefulness, with the way things are going.

Re:Our reach exceeds our grasp..

[Rick+Schumann]

..yeah, I knew I wasn't alone in this strategy, but we're still in the minority, and are subject to ridicule for it by people who are too trusting and/or too myopic.

Re:Our reach exceeds our grasp..

[thegarbz]

So, what are YOU going to do NOW?

Post this. Close the tab. Read the next Slashdot Tab about Intel 5G Modems to see if there's anything other than crazy rants there.

Re:Our reach exceeds our grasp..

[AlwinBarni]

Well said.

Right at the moment, though, it's hard to maintain an attitude of hopefulness, with the way things are going.

I am still optimistic though. Considering the history, we're living in really good times so far. There are good things happening, just are not news worthy (our monkey brain seems to put more attention to bad news - well, to be fair, it's a reasonable evolutionary trait). There's a song ("Strange is this world") "... however, there are more people of good will, and I deeply believe, that the world will not perish because of them ...".

Australia Jobs

[abdulbais]

Our platform is the best site for online jobs visit please: https://myjobsoptions.com/

Go stateless, found a micronation...

Enact treaties with other micronations recognizing their sovereignity. Use mutual recognition to demand recognition from larger entities. Rinse and repeat until the micronations political power erodes the superpowers.

Until we are willing to do that, and forcing consolidation to its knees, we are at the mercy of small cabals of people in much better positions to leverage their technological, military, economic, and political powers against us.

Doing anything less at this point in history is doomed to failure.

Vender Problems...

As someone who works in IT in the financial sector (in America) for the last 10 years, I have a few thoughts...

I'm sure things work the same over seas as they do here. So, unless your among the largest banks (top 10), they all outsource their internet banking to their core vendor. The banks host the data (customer account info) but the vendor does everything else. If the bank looses connection, the vendor uses stand in (last known) data and internet banking continues. According to this, the outage was due to a "a botched systems upgrade". If it had been the bank's system, they wouldn't have been able to do any banking at all until it was fixed, but the article specifies internet banking. So what do you do when your core vendor implodes? It's no easy task to move a bank and all its branches to a new software core. You're also locked into a very costly contract as these vendors charge by your total assets, not some established amount like O365. Lastly, as we are seeing here, banks are heavily regulated and inspected, but the vendors usually aren't. (A problem I've worried about for a long time)

Hopefully the governing bodies over there will turn their attention to the proper entities, the vendors, but I do worry about smaller banks. This outsourcing is done for several reason. For smaller banks, it is just too cost prohibitive to stand up the infrastructure your core vendor possesses and is ready to provide. For large banks, nothing makes a CEO happier then offloading risk. (hence, why the "cloud" is so popular.) But more regulation, and especially the associated costs, could put smaller (community) banks out of business. Even in this situation, the high costs of new contracts and implementation could be the end for smaller banks who are usually willing to work with individuals and families.

Anyway, before I ramble too much, I'll end by saying that this is how someone in this field reads this...

Impersonating me AGAIN?... apk

See subject: "Imitation=sincerest form of flattery" PROVING u WISH u were ME & poor imitation = u.

* I don't post on hosts in topics that don't fit it (unless you of "moron kind" bring it up 1st)

(Hence, you give yourself away you're impersonating me!)

APK

P.S.=> What are you trying (& failing) to accomplish? Trying to "make me look bad"?? I have to ask as it's EXTREMELY DIFFICULT for me to "think like 'your kind'" (no-mind do-NOTHING "ne'er-do-wells" that can't think, lol) to even TRY to understand your "mental processes" (none obviously that are up to any good)... apk

Re: The Truth About Nuclear isotopes and Myopia

WTF is this even?

Have you never heard of eye glasses?

North Korea didn't exist back in ancient Rome's days...it was just Korea.