GCHQ asked to step up action against cyber-attack threat to financial services

Treasury select committee says existing vulnerabilities and accountability need to be addressed in the wake of Tesco Bank hacking

More action may be needed to protect the financial services industry from a devastating cyber-attack, the head of the Treasure select committee has suggested.

Andrew Tyrie MP wrote to Ciaran Martin, head of the new cybersecurity centre of UK surveillance agency GCHQ, saying the lines of responsibility and accountability for reducing cyber-threats are opaque.

Tyrie’s letter to Martin, who is leading the Cheltenham-based National Cyber Security Centre (NCSC), uses last month’s incident at Tesco Bank to illustrate the vulnerabilities of the financial system.

In November, the banking arm of supermarket chain Tesco admitted that £2.5m had been stolen from 9,000 accounts in an incident which raised fresh concerns about the methods used by financial services firms to detect cyber-attacks.

Two-thirds of all major UK companies – not just financial services firms – have reported security breaches in the last year. The Bank of England has also listed the threat of cyber-attacks as one of the major risks facing the financial services industry.

In his letter Tyrie, a Conservative MP, outlines the responsibility for cyber-threats as being shared between the Bank’s Prudential Regulation Authority (PRA), the Financial Conduct Authority and GCHQ. In turn, the regulatory arms are responsible to the Treasury, while GCHQ reports through the foreign secretary.

In light of this, Tyrie said: “It is for consideration whether a single point of responsibility for cyber risk in the financial services sector, with full ownership of – and accountability for – financial cyber-threats is now required. It may be necessary to create a line of accountability to the Treasury for financial cybercrime.”

Tyrie also asks Martin for clarity on the objectives of NCSC, which was set up two months ago to take charge of the UK’s defences against cyber-offences.

“Legacy systems, human error and deliberate attack have resulted in unacceptable interruptions to vital banking services and weakened the public’s confidence in the banking system as a whole. The recent attack on Tesco Bank is only the latest example of criminals exploiting vulnerabilities in the banking industry’s IT systems,” said Tyrie.

A spokesman for the NCSC said: “We have received this letter and there will be a government response in the New Year.”

The parliamentary committee has been asking questions about the need for a clearer command structure to tackle cyber-attacks during its evidence sessions. Last week, Sam Woods, the Bank’s deputy governor who runs PRA, was asked his views on the need for a single point of contact.

Woods replied it was important to know which body was in charge of each incident rather than have the same point of contact.

“It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job. This means making sure that financial cybercrime has a high priority, and is not subordinate to other work,” said Tyrie.

“Certainly, as millions of customers are exposed to the risks of cybercrime, a higher level of scrutiny and accountability for existing arrangements is needed,” he added.

Contributor

Jill Treanor

The GuardianTramp

Related Content

Article image
GCHQ cyber boss plans British firewall to block hackers
Businesses could use surveillance agency’s expertise to protect them from malicious attacks, says director general of cyber Ciaran Martin

Ewen MacAskill Defence correspondent

13, Sep, 2016 @11:06 PM

Article image
GCHQ warns of fresh threat from Chinese state-sponsored hackers
National Cyber Security Centre urges operators of critical national infrastructure to prevent hacks

Dan Milmo Global technology editor

25, May, 2023 @3:34 PM

Article image
Ransomware is biggest online threat to people in UK, spy agency chief to warn
GCHQ cybersecurity boss sounds alarm over extortion by hackers who are mostly based in former Soviet states

Dan Sabbagh Defence and security editor

13, Jun, 2021 @11:01 PM

Article image
The Chinese firm taking threats to UK national security very seriously
Overseen by a UK government board, the Cell is a part of Huawei in Oxfordshire ensuring its own technology cannot be compromised for nefarious purposes

Juliette Garside

07, Aug, 2016 @6:00 AM

Article image
May to ban Huawei from providing 'core' parts of UK 5G network
Telecoms firm will still be able to supply some technology, but decision may anger Beijing

Dan Sabbagh Defence and security editor

23, Apr, 2019 @11:01 PM

Article image
Russian hackers targeting opponents of Ukraine invasion, warns GCHQ chief
Russian operatives trying to escalate online conflict and seeking targets in countries opposing war, says Jeremy Fleming

Dan Sabbagh Defence and security editor

10, May, 2022 @8:58 AM

Article image
GCHQ uses Instagram to 'open up world of espionage' to public
UK intelligence hub opens account on app that has become growing source of citizens’ metadata

Matthew Weaver

31, Oct, 2018 @3:18 PM

Article image
Tesco Bank cyber-thieves stole £2.5m from 9,000 people
Bank announces total sum as it reassures customers that they have been refunded and that normal services have been restored

Jill Treanor

08, Nov, 2016 @10:10 PM

Article image
Are you a top secret cyber-security genius? Take our test
As part of the government’s new national cyber-security programme, 50 people with non-tech backgrounds will be recruited to become hack-breakers. Do you have what it takes?

Stuart Heritage

02, Nov, 2016 @12:34 PM

Article image
Tech pioneer Phil Zimmermann calls Cameron's anti-encryption plans 'absurd'
PGP inventor rubbishes Tory plans to ban encryption and says modern commerce depends on it: ‘End-to-end encryption is everywhere now’. By Stuart Dredge

Stuart Dredge

02, Feb, 2015 @12:25 PM