Key Financial Utilities Are Warned to Bolster Hacking Defenses

  • ‘Take action immediately,’ says European Central Bank official
  • New guidelines follow attack on Swift interbank message system

The bedrock of global capitalism needs better protection from the growing threat of cyberattacks, according to a new report.

Financial market infrastructures -- industry jargon for key utilities including payment and trade-settlement systems -- should make resiliency to hacks central to their design and management, according to the first-ever set of guidelines released by the Bank for International Settlements.

“FMIs should take action immediately,” Benoit Coeure, chairman of BIS’s Committee on Payments and Market Infrastructures and a member of the European Central Bank’s Governing Council, said in a statement announcing the guidelines Wednesday.

The report comes after hackers stole $81 million from Bangladesh’s central bank by breaking into its computers and then exploiting the interbank messaging platform Swift.

The recommendations from BIS, which is a consortium of central banks, and the International Organization of Securities Commissions concerns a critical segment of finance. Financial market infrastructures are responsible, among other things, for processing payments and delivering assets to buyers from sellers. In other words, hackers who gain access can cause havoc to the underpinnings of financial markets and banking.

“If not properly managed, FMIs can be a source of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets,” according to the report. “In this context, the level of cyber resilience, which contributes to an FMI’s operational resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy.”

Among other things, the report seeks to get FMIs in every country meeting the same security standards. The utilities need a plan to defend against and react to hacks, according to the report, which recommends having an executive dedicated to the task. It set a goal of recovering from attacks in two hours. To ensure that’s accomplished, FMIs were told to improve their infrastructure within one year of the report’s publication.

Cyber attacks are “a constant threat,” said Greg Garcia, executive vice president of McBee Strategic Consulting LLC and former assistant secretary for cyber security and communications for the U.S. Department of Homeland Security from 2006 to 2008. “As long as we have an Internet and an online commercial world, we are going to have cyber crime.”

Before it's here, it's on the Bloomberg Terminal.