Andrew Tyrie MP, the head of the Treasury select committee.
More action may be needed to protect the financial services industry from a devastating cyber-attack, the head of the Treasury select committee has suggested.
Andrew Tyrie MP wrote to Ciaran Martin, head of the new cybersecurity centre of UK surveillance agency GCHQ, saying the lines of responsibility and accountability for reducing cyber-threats are opaque.
Tyrie’s letter to Martin, who is leading the Cheltenham-based National Cyber Security Centre (NCSC), uses last month’s incident at Tesco Bank to illustrate the vulnerabilities of the financial system.
In November, the banking arm of supermarket chain Tesco admitted that £2.5m had been stolen from 9,000 accounts in an incident which raised fresh concerns about the methods used by financial services firms to detect cyber-attacks.
Two-thirds of all major UK companies – not just financial services firms – have reported security breaches in the last year. The Bank of England has also listed the threat of cyber-attacks as one of the major risks facing the financial services industry.
Ciaran Martin, the head of GCHQ’s new cybersecurity arm.
In his letter Tyrie, a Conservative MP, outlines the responsibility for cyber-threats as being shared between the Bank’s Prudential Regulation Authority (PRA), the Financial Conduct Authority and GCHQ. In turn, the regulatory arms are responsible to the Treasury, while GCHQ reports through the foreign secretary.
In light of this, Tyrie said: “It is for consideration whether a single point of responsibility for cyber risk in the financial services sector, with full ownership of – and accountability for – financial cyber-threats is now required. It may be necessary to create a line of accountability to the Treasury for financial cybercrime.”
Tyrie also asks Martin for clarity on the objectives of NCSC, which was set up two months ago to take charge of the UK’s defences against cyber-offences.
“Legacy systems, human error and deliberate attack have resulted in unacceptable interruptions to vital banking services and weakened the public’s confidence in the banking system as a whole. The recent attack on Tesco Bank is only the latest example of criminals exploiting vulnerabilities in the banking industry’s IT systems,” said Tyrie.
A spokesman for the NCSC said: “We have received this letter and there will be a government response in the New Year.”
The parliamentary committee has been asking questions about the need for a clearer command structure to tackle cyber-attacks during its evidence sessions. Last week, Sam Woods, the Bank’s deputy governor who runs the PRA, was asked his views on the need for a single point of contact.
Woods replied it was important to know which body was in charge of each incident rather than have the same point of contact.
“It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job. This means making sure that financial cybercrime has a high priority, and is not subordinate to other work,” said Tyrie.
“Certainly, as millions of customers are exposed to the risks of cybercrime, a higher level of scrutiny and accountability for existing arrangements is needed,” he added.