The financial system could likely resist the elimination of a large institution, but if several large financial institutions were shut down by a cyber attack, the disruption could last for weeks, he said.
Additionally, if the attackers struck during a particularly volatile time in the markets – for example, one of the “triple witching” Fridays that occur each quarter when stock options, stock index futures and options on stock indexes all expire on the same day – the effects could be magnified.
Such an attack would require skill, resources and immense coordination, which opponents have so far failed to show. Most cyber attacks on financial institutions to date have involved the criminal theft of bank card numbers and account credentials; although a few incidents involving nation-backed actors have occurred, they have been contained within their scope and impact.
In late 2011, Iranian hackers associated with the Islamic Revolutionary Guard Corps launched a month-long denial of service campaign against dozens of US financial institutions, including American Express, JPMorgan and Wells Fargo, according to the Department of Justice. Justice. documents. The attack disabled banking websites and blocked hundreds of thousands of customers from online accounts. And in 2016, hackers associated with North Korea broke into the Bangladesh Bank and hijacked employee credentials in an attempt to steal $ 951 million through the Swift network, a messaging system used. by financial institutions. They managed to grab $ 81 million.
More sophisticated and destructive attacks, however, are not excluded. The New York Cyber Task Force – a group of government and private sector experts convened by Columbia University and led by Mr. Rattray – examined a “serious but plausible” scenario involving several financial institutions. In the theoretical scenario, described in a report North Korean hackers compromise a third-party service provider, such as a cloud computing company, to sneak into a financial institution’s network and install a self-propagating digital worm, according to task force released this year which erases the data. As other financial institutions contact the infected bank, the wiper also spreads to their networks. The scenario highlights how quickly an attack could multiply and how financial institutions that focus on securing their own networks against adversaries could miss the risk of being compromised by the network of trusted partners.
If this scenario were to play out as the task force envisioned, an initiative called Sheltered Harbor would at least help alleviate the data loss. The program, launched by the industry in 2015, is designed to protect banks against the loss of valuable data due to cyber attacks – the data of participating banks is encrypted and backed up daily to secure offline storage so that if it is deleted or modified, or its access is blocked, it can be restored.
It’s not just the banks
Under a 2013 White House Executive Decree, the Department of Homeland Security was asked to identify critical infrastructures for which a cybersecurity incident could have “catastrophic regional or national effects on public health or safety, economic security or national security”. In the financial sector, DHS and the Treasury Department have identified more than two dozen key financial institutions that match the description, according to sources who asked not to be named because the information is sensitive.