Sheltered Harbor Prepares Banks for a Cyber Catastrophe

December 11, 2017  |  By Joel Odom

Not only is the U.S. financial system a critical component of national survivability, but consumer confidence in the system is critical to its stability. Whether due to a malicious hack or to an unexpected technical catastrophe, a failure of a bank's computing infrastructure would cripple a bank's ability to process transactions; it also would destroy consumer confidence in the bank. The ripple effects of such a failure could severely erode consumer confidence in the larger financial system.

The likelihood of such a catastrophic cyber attack is difficult to predict, but, to prepare for the worst, banks are joining together in a partnership called Sheltered Harbor, which creates a way for banks to quickly move customers from a crippled bank to a backup bank. The idea is that if the crippled bank suffers a catastrophic failure and cannot process transactions, the backup bank would be able to assume customer accounts, providing the affected customers access to a working bank in a timely manner.

Sheltered Harbor describes itself as "a not-for-profit industry-led initiative founded by 34 financial institutions, clearing houses, core processors and industry associations, collectively representing a significant percentage of the retail banking and brokerage accounts in the U.S." Financial institutions participating in Sheltered Harbor must archive their customer data in a standardized format so that restoring institutions can load the data into their systems expeditiously.

IISP Analyst Joel Odom: "This is a smart idea. As someone who tracks the cyber landscape closely, I don't lose sleep over the possibility of a catastrophic attack on critical functions such as banking or energy, but I do think that it could happen. My hope is that if a catastrophic attack (or other disaster) does happen, the affected function will be able to recover before too much damage is done.

It's easy for cybersecurity researchers such as myself to get lost in the technical details of detecting and preventing cyber attacks, but technical controls are not enough. Technical controls will fail, unexpected scenarios will arise, and some disasters will occur despite our best attempts to secure our systems. We must plan accordingly. Ships should carry lifeboats. Consumers should carry life insurance. Cities should perform disaster planning. Planning for a cyber catastrophe is one important part of cyber resiliency and business continuity. This kind of continuity planning is especially important for critical functions such as banking and voting, where public confidence in the system is of high importance."


