UK Banks Told To Reveal Tech Meltdown Plans

UK banks have been told to explain how they would cope with a technology failure or cyber-attack. From a report: The Bank of England and the Financial Conduct Authority have given financial firms three months to detail how they would respond if their systems failed. Some TSB customers were left unable to access online banking for more than a month following a botched systems upgrade in April. Banks could be ordered to take action if their plans are judged to be poor. The Bank of England and FCA have emphasised that senior management at banks will be held accountable for prolonged disruption to services.

Silly

[p51d007]

Yeah, tell how they would do it, then anyone that would try to "melt down" the tech sector or a cyber attack would know how they could scoop in and clean up. Real smart.

Not sure about the UK

[rsilvergun]

but in the US I'd much rather hear about their plans to deal with the next economic downturn. Our right wing just repealed one of the major regulations here (Dodd Frank) that was passed to prevent another 2008 style crash. I've noticed that whenever we do something boneheaded Britain's right wing seems to take notes...

Re:Our reach exceeds our grasp..

[Rick+Schumann]

Of course you know I agree with you 100%, right? Why do you think I carry cash and pay cash for everything I can? Reduces my overall risk of getting caught in one 'data breach' or other that will expose access to my bank account. Even then the Equifax breach probably screwed me anyway, likely dozens of criminal organizations have all my Very Personal Data sitting on a storage device somewhere, and the only reason they haven't fucked me over with it is because I'm too poor to bother over. Guess we'll see what happens won't we? As you say: there'll have to be some major event happen before The Masses get their torches, pitchforks, pointed sticks, and what-not, and go out in the streets in force and demand something be done. Might be too late by then.

Re:Security by Obscurity

Security by Obscurity is just another name for no security.

To make use of a rude example: Tell me your credit card number, expiration date, security code, full name, social security number, and full address.

Security often is keeping information confidential. "Security by obscurity" is a rule of thumb for only having confidentiality is insufficient. Having no confidentiality is equally insufficient.

To give an example about what might happen during a disaster recovery effort with an attacker that knows the plan: the attacker would know what services you are running, where, the configurations; where the cold/warm/hot site is, it's configuration, it's security, and how data gets there. Imagine how easy it would be for an attacker to set up a MITM between a main site and a recovery site, or just physically infiltrate and compromise the hardware when he knows no one will be there.

Giving out your recovery plan is no wiser than a general that gives the enemy army his battle plan.

Re:Normal banking while its cybering outside

[aaarrrgggh]

Sorry, but aside from trying to triage/pre-screen people everything else is unlikely to work. Do you have your full account numbers available in a non-electronic form? (I do for my credit union account, but not my "real" bank account-- there I just go in and give my ID.) The banks cannot manage the volume of paper required any more-- and even if they could, the complexity of banking needs today would make a paper ledger nearly impossible for solving modern banking needs.

About the only thing you could do is try to revert to batch settlement via a redundant system. You would have to shut down ATMs, and I don't think there is any viable way to do bill payment and similar types of services. The links to direct-deposit paychecks would be almost impossible to manage as well if a bank is truly hosed.

I'm all for redundant arrays of irresponsible banks.

Re:Our reach exceeds our grasp..

[AlwinBarni]

Have you ever seen the movie "Cube"? - Humanity in a nutshell.

To me it seems like the only way is to create society incentivizing learning and compassion and give everybody opportunity to learn, not just skills, but to learn to be a conscience human being responsible for his/her own actions, curious, active, assertive, non violent in pursuing its goals, knowing and understanding the history and last but not least participating in the democratic process - we should be OK then. Ignorance and corruption are very serious diseases for any society.

Also psychology should be part of the basic curriculum, people should know how inherently biased and vulnerable to manipulation we all are. If we knew ourselves better, we would be less prone to exploitation and more understanding to others.

Re:Obligatory

[PolygamousRanchKid+]

1. Tech meltdown

2. ???

3. Profit!

1. Tech meltdown

2. Government bailout

3. Privatize profits; socialize losses

We've got too many things that are "too big to fail" . . . and the "things" know that, and are expecting their bailouts.

Re:Our reach exceeds our grasp..

[Rick+Schumann]

I agree with what you're saying, but allow me to attempt to distill what you just wrote down to a single sentence:

The Human Race must evolve beyond the stage of caveman-like primitivism.

As much as Humans can be amazing and resourceful and wonderful, we're all still very, very young as sentient races go, so far as my opinion goes; we're children with high-tech toys, our technology has evolved at a rate orders of magnitude faster than our poor meat brains have, and, sadly, it shows. If we, as a species, manage to survive the next few hundred years, we might start getting past this Caveman stage we're still, apparently, stuck in. Right at the moment, though, it's hard to maintain an attitude of hopefulness, with the way things are going.