In a world where attacks on computers are nearly de rigueur at this point, it isn’t much of a surprise that U.S. banks have begun quietly doomsday-prepping for a successful apocalyptic attack on their computers by hackers. The goal is to head off a run on the bank by panicked citizens.
Called Sheltered Harbor, the project currently includes banks and credit unions holding between them about 400 million U.S. accounts. The project requires that each member bank offers up its data such that it can be used by other firms in the event their computers are totally disabled by a cyberattack.
The concern among bankers isn’t that hackers will merely abscond with funds — another possibility is that they will simply hold funds hostage by finding ways to lock the custodial banks out of them. Hackers could also threaten to destroy the data.
Such an attack could leave a bank wholly unable to function for days or even weeks or months, depending on the severity of the attack.
“So far, most people think about cyber in terms of having a credit card stolen,” said Stuart Madnick, a professor of information technologies at the MIT Sloan School of Management. “What you’re talking about now is a nuclear attack: if you can’t get to the ATM and get it to work.”
That could cause a panic among customers — and while the Fed and FDIC have done much to make sure consumers stay confident in the system even in the event of a bank failure, the system is more set to deal with banks that fail over solvency or liquidity issues, not for a situation where ATMs don’t work because of a cyberattack.
“This level of vulnerability to cyberattack didn’t exist in 2008,” said Paul Bracken, a professor at the Yale School of Management who has developed war-game scenarios with banks since the 1990s. “The question is how you handle … new ports to enter the system.”