Is The U.S. Facing An Economy-Crippling Cyberattack?

The Securities Industry and Financial Markets Association (SIFMA) – worries that the U.S. banking system is dangerously vulnerable to acts of cyber-warfare that could fundamentally damage the entire economy. To head off the threat, the organization wants to see banking executives, federal officials and security experts start collaborating now on the next generation cyber protections. Is SIFMA responding rationally to increasingly inventive and organized cyber-criminals, or, are they perhaps over-reacting to the data at hand?

In the shadow of the slew of cyber attacks on Target, Michaels and P.F. Changes- just to name a few—that have left millions of consumer accounts compromised and massive financial losses in their wake, it is unsurprising that Wall Street’s largest trade group—the Securities Industry and Financial Markets Association (SIFMA)—is concerned about what cyber-security threats could mean for the future of the U.S. economy.  What is a little more surprising is the level of concern they bring to the issue, and the level of response they are suggesting.

Facing Economic Shutdown

According to an internal SIFMA document reported on by Bloomberg, the group is concerned that a terrorist attack on the banking system could leave account balances (temporarily) at zero, which would in turn set off a financial panic that could entirely shut-down the U.S. economy.

“The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers,” SIFMA wrote in the document, dated June 27, reports Bloomberg.

The document goes on to note that there are grave concerns that the banking system is both unable to respond quickly and effectively to a primary attack, and that even if such a first round response could be organized, the document is highly pessimistic about the realistic possibility that the banking system could respond to several waves of secondary cyber-attacks while recovering from a devastating primary attack.

And, although SIFMA is the largest megaphone for this message right now, it is a concern shared by smaller regional bankers.

“When it does happen, the hue and cry will go up,” Camden Fine, president of the Independent Community Bankers of America, noted in an email to the source. “Who will be liable? What will the FDIC do? It is like watching a train wreck in the making and there is nothing you can do to stop it.”

War Council

To pre-empt the coming economic Armageddon scenario described, SIFMA’s document proposed the creation of “war council” made of banking industry executives and deputy-level representatives from at least eight U.S. agencies including the Treasury Department, the National Security Agency and the Department of Homeland Security.  White House senior staff and former NSA Director Keith Alexander would facilitate the council, whose consulting services SIFMA has reportedly retained.

The purpose of this council would be to both figure out information dissemination paths and emergency responses coordination in the event of an attack.

The proposal is not without controversy. Florida Alan Grayson noted that such a public-private partnership would need to be closely monitored by Congress so as to prevent it from drifting into legally questionable counter-attack methods to warn off cyber-criminals.

“Because of the murky nature of cybersecurity, I am concerned that a council like this might propose either physical attacks or cyberattacks by the US military on the perceived source of the threats,” said Florida Representative Alan Grayson in a statement. “This could in effect make the banks part of what would begin to look like a war council.”

There have also been charges that while cyber-security is a serious issue, in the hands of SIFMA, the problems are being somewhat overstated.  There have also been questions raised about Keith Alexander’s involvement with the project, given his inside level of government cyber security protocols, notes Bloomberg in a separate report.

What the outcome of this document release will be remains to be seen.  SIFMA had no comment on the document, though a spokesperson told Bloomberg SIFMA “is doing everything possible to help the industry prepare for and defend against cyberattacks.”  The White House Security Council had no comment.

It seems clear that this document, in this form anyway, was never meant for public release.  A source close to the matter told PYMNTS that as of yet SIFMA does not actually know where the internal document came from, as Bloomberg has not release their source.