Treasury Committee
House of Commons, Committee Office, 14 Tothill Street, London SW1H 9NB
Tel 020 7219 5769 Fax 020 7219 2069 Email treascom@parliament.uk Website www.parliament.uk/treascom

Ciaran Martin Esq
Chief Executive
National Cyber Security Centre
Hubble Road
Cheltenham GL52 OEX

7 December 2016

Cyber Security in the Financial Services Sector

Legacy systems, human error and deliberate attack have resulted in unacceptable interruptions to vital banking services and weakened the public's confidence in the banking system as a whole. The recent attack on Tesco Bank is only the latest example of criminals exploiting vulnerabilities in the banking industry's IT systems.

It has been two months since the body which you head was created. On the basis of what is available in the public domain, the lines of responsibility and accountability for reducing cyber threats still appear to be somewhat opaque. Responsibility is shared among a number of bodies, primarily the PRA, the FCA and GCHQ. In practice, the other regulators are inevitably dependent on the flow of information and the underlying quality of the work from GCHQ. GCHQ's statutory line of accountability is through the Foreign Secretary; those of the PRA and the FCA are to the Treasury and Parliament. Understandably enough, the Foreign Secretary's priorities may be towards the need to address state-sponsored cyber-crime and terrorism, not commercial cyber-crime and fraud.

In the light of the above, it is for consideration whether a single point of responsibility for cyber risk in the financial services sector, with full ownership of - and accountability for - financial cyber threats, is now required. It may be necessary to create a line of accountability to the Treasury for financial cyber-crime. Any new arrangements would need to respect the current statutory responsibilities of the financial regulators. I would be grateful if you could give careful consideration to this suggestion.

It would also be helpful if you could set out your objectives beyond the very general guidance given on page 4 of the NCSC prospectus. What powers does the NCSC have to secure its objectives by means of meaningful improvements in cyber risk management in firms?

The problem of outdated IT infrastructure in UK banks is an enduring problem. In your speech of 13 September you said that a strategic solution to making such systems secure could only come when they are replaced. Do you consider it to be the job of the NCSC to devise a detailed strategy, in cooperation with the banking sector, to replace legacy computer systems?

I am copying this letter to the Chancellor, the Foreign Secretary and Chief Executives of the a a the FCA. I will place this letter and your response into the public domain.

RT HON ANDREW TYRIE MP
CHAIRMAN OF THE TREASURY COMMITTEE