Preparing for a Financial Pearl Harbor
“The present situation is as dangerous as if the United States decided to outsource the design of bridges, electrical grids and other physical infrastructure to the Soviet Union during the Cold War.” —The Intelligence and National Security Alliance
**Cyber-attacks on large banks are nothing new, but the FBI special agent notices that the attacks this time are different—large banks in Charlotte, New York and Chicago have reported some kind of virus that has taken control of their computer systems. By midnight, cyber-forensic teams have identified the culprit as a stand-alone malware program: a computer worm.
In the morning, an FBI spokesperson announces a “highly sophisticated,” coordinated and targeted attack against banks in Charlotte, New York and Chicago. The attack is well-timed to occur during the holiday season, when banking operation centers and response teams are thinly staffed. The machines bombard government and Wall Street websites with incessant network traffic, crashing or partially disabling them.
The media reports that the attack has destroyed hundreds of thousands of computers, initiating a panic among account holders that causes the federal government to impose a sudden semi-freeze on all accounts, with a $500/day individual account withdrawal limit until further notice.
Despite thousands of man-hours, mitigation efforts are only partially successful. U.S. law enforcement and commercial researchers attempt to determine the origin of the attack and find that the worm received its commands from servers in 26 countries. Researchers have seen this kind of sophistication before in attacks on the defense industry, but never in the commercial sector. Investigators still aren’t certain who launched the assault, although many suspect North Korea.**
Although this is a fictional scenario, recent testimony on Capitol Hill from a host of cyber-defense experts and national security officials has made it clear that such an event is not only possible; it may very well be inevitable.
It is widely recognized that a strong and well-protected U.S. banking information infrastructure is critical to maintaining our nation’s economic security. But are we prepared for a deliberate and concerted cyber-attack on our financial system?
The cyber domain provides unprecedented opportunities for catastrophic attacks against the banking and finance sectors. Because of the banking community’s heavy reliance on networked information systems, both of these sectors are extremely vulnerable.
The secure networks that banks use every day are the target of persistent hostile activities. To an adept hacker, they are anything but secure. The intrusions are being conducted by a host of adversaries with a wide range of capabilities and objectives. Whether state-sponsored or otherwise, these attacks threaten the integrity and safety of the nation’s financial infrastructure.
To effectively defend itself, the banking industry requires a systemic method not only to defeat these threats, but also to exploit them. Such a method has proven elusive, however. Instead, our financial institutions gravitate toward standard technical cyber security tools that provide a passive defense, but not an active one.
Standard cyber security measures, while always prudent, are largely irrelevant to the most significant threats facing the financial sector today. The prevailing approach of searching for vulnerabilities and applying updated security patches is much like plugging leaks in a badly constructed dam ... with a large city situated squarely downstream.
A better approach incorporates some timeless counterintelligence methods that the CIA has long used to ferret out spies at home and abroad. Using cyber-forensics, these techniques can neutralize cyber-attackers and isolate, manipulate and interdict them.
Behind every virus, mole, worm and cyber intrusion, there are faces — faces of real people who wish to inflict damage on carefully selected targets. But do we know who these people are and what motivates them?
Whether the objective of an attack is theft, money laundering, extortion or indirect warfare, fast-moving attacks are best handled by cyber-forensics, international law enforcement and counterintelligence experts who are empowered to move quickly and seamlessly through the interagency and commercial arena.
Any effort to understand who these actors are will also ask who they are allied with, the nature of their activities, the purpose behind them, and what can be done to protect against them. A counterintelligence approach, properly applied and adapted, can both produce information on cyber-attackers and protect our national financial networks in a proactive, targeted way.
Today, invisible battle lines are being drawn between banks and cyber-attackers. While traditional cyber-security measures against hackers have become commonplace, very little has been done to address the threat of systemic attacks on the banking industry conducted by state-sponsored and transnational actors. Until a comprehensive approach is adopted, scenarios like the one above will be more likely than anyone in the banking industry would like us to believe.