April 15, 2013
Do Cyberattacks Threaten Confidence in Our Payment Systems?
This past October, former Defense Secretary and CIA Director Leon Panetta said, "A cyberattack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11." In the days leading up to this statement, multiple major U.S. banks were the targets of cyberattacks known as distributed denial of service (DDOS). In these attacks, which continue to take place on a steady basis, a bank's servers are overwhelmed by a flood of messages from networks of computers infected with malicious software (botnets) leading to website outages. Frequently, these attacks are politically motivated and are undertaken by foreign states. They are intended to be disruptive and create customer service dissatisfaction rather than to commit fraud.
At a recent conference I attended, security expert and former senior White House Advisor Richard Clarke suggested that technology and automated tools currently used to detect and prevent these attacks aren't always effective. For instance, firewalls can be penetrated and, although antivirus tools are good protection against the general hacker, they may not be as effective against the sophisticated malware that the well-organized bad guys are creating at alarming rates. The primary goal of implementing security measures is prevention, of course, but we have to be realistic in accepting there will always be some number of successful attacks requiring post attack countermeasures.
To date, these DDOS attacks have created only short-term inconveniences for consumers. I believe that consumers' overall confidence in payment systems remains high, and rightfully so. But the threat for a mass disruption to financial institutions and the payments community through a cyberattack on U.S. companies is real. Consider the potential ramifications that a nationwide cyberattack could have on the U.S. banking and payment systems. We need only look at the cash crunch that Hurricane Sandy caused to the payment system in the Northeast last October, when the area experienced prolonged electrical and resulting communication outages. The banking community, led by FS-ISAC and others, must continue its efforts to not only prevent, but also plan for a response to an extended, widespread cyberattack to avoid even worse disruptions and a subsequent loss in confidence in our payment systems.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Do Cyberattacks Threaten Confidence in Our Payment Systems?: