[Infowarrior] - WSJ: Banks Build Line of Defense for Doomsday Cyberattack

Sun Dec 3 10:05:31 CST 2017

Banks Build Line of Defense for Doomsday Cyberattack

The Sheltered Harbor project is meant to ensure that every U.S. bank has a protected, unalterable backup that can be used to serve customers in case of a major hack

Telis Demos
Dec. 3, 2017 7:00 a.m. ET

U.S. banks have quietly launched a doomsday project they hope will prevent a run on the financial system should one of them suffer a debilitating cyberattack.

The effort, which went live earlier this year and is dubbed Sheltered Harbor, currently includes banks and credit unions that have roughly 400 million U.S. accounts. The effort requires member firms to individually back up data so it can be used by other firms to serve customers of a disabled bank.

While most people worry about their money being stolen in a hack, banks fear something more sinister: an attacker destroying, or even simply locking, data.

Such moves could cripple a bank, leaving it unable to operate for hours, days, or perhaps much longer. If people suddenly can’t access their accounts and money at one bank, customers at other banks could  panic, thinking they might be vulnerable, too. This could prompt them to withdraw funds as a precaution and, in a worst-case scenario, spark a run on the wider banking system.

“So far, most people think about cyber in terms of having a credit card stolen,” said Stuart Madnick, a professor of information technologies at the MIT Sloan School of Management. “What you’re talking about now is a nuclear attack: If you can’t get to the ATM and get it to work.”

< - >

“This level of vulnerability to cyberattack didn’t exist in 2008,” said Paul Bracken, a professor at the Yale School of Management who has developed war-game scenarios with banks since the 1990s. “The question is how you handle...new ports to enter the system.”

One answer was Sheltered Harbor, whose participants range from small, local institutions to giants such as Bank of America Corp., Citigroup Inc., and JPMorgan Chase JPM 0.26% & Co. Its 34-member board is composed of representatives of individual big banks, groups of smaller firms, trade associations, clearinghouses and broker-dealers.

The project was hatched by Phil Venables, chief operational risk officer at Goldman Sachs, and James Rosenthal, Morgan Stanley’s former chief operating officer. Both are now co-chairs of Sheltered Harbor.

The idea is to ensure that every U.S. bank has the kind of backups that some of the biggest banks have been using since the 1990s: protected in vaults, whether digital or physical, and unalterable once recorded.

To participate, banks pay fees ranging from $250 to $25,000 a year, depending on their size. Members must follow specific guidelines on formatting data, creating a backup vault and submitting to audits. The  goal is to make it feasible for backed-up data to start being used to cover an affected institution’s customers within 48 hours.

< - >

https://www.wsj.com/articles/banks-build-line-of-defense-for-doomsday-cyberattack-1512302401