Should Service Providers Cover for Each Other in a Cyber Attack?
Nearly 80 years before the Great Recession of 2008, the Great Depression devastated the country. Historians place some blame for the economic collapse on the loss of confidence in bank dollars that saw millions of anxious people withdraw their money from deposit accounts in what proved to be a futile precaution.
So ingrained was the lesson learned by banks then about consumer confidence that it still reverberates today. Only this time around, banks fear a cyber attack that destroys or locks out access to data, potentially domino-ing to a catastrophic loss of confidence by customers unable to get to their money. How, for example, might people react if denied access to their ATMs and accounts for who knows how long because of a major cyber attack?
What’s one new strategy of banks and credit unions to not repeat history? It’s a project called Sheltered Harbor launched earlier this year in which individual member institutions backup data that can be used by other banks to help customers victimized in a cyber attack. Think of it as a team of rivals.
The Wall Street Journal, which reported the initiative, called it a “doomsday project,” whose aim is to calm unnerved customers unable to access their accounts for perhaps days or weeks. It’s an interesting and somewhat novel concept — big banks working together as backup/recovery/business continuity sources for one another (and smaller banks) should a cyber attack axe their network.
IT Service Providers: Following Suit?
Could a similarly constructed strategy work for large IT service providers, one in which each has the other’s back to keep the telecommunications grid up and running and retain customer data were one or more to go down from a cyber assault?
Imagine, if you will, Verizon or Comcast or AT&T or Charter or CenturyLink telling each other “no worries, we got you covered” as a backup/recovery/business continuity option if any one of them should be bombed by a ransomware attack? Would that assure customers that all is well?
A collaboration of that sort could extend to the smaller, more vulnerable ISPs, and most importantly, continue business relatively uninterrupted for customers. It wouldn’t be a trivial step: There’s some history in the banking industry to support the idea, as the WSJ reported. Two years ago, the U.S. Treasury ran a simulation of an informal “buddy bank” system in which two local branches agreed to help each other in a crisis. While it sounded good, it didn’t work. Bankers rightly concluded that failures at smaller banks could undermine the entire system and wouldn’t quell fears.
Of course, there are some substantial differences between Sheltered Harbor and a plan that large (and small) ISPs might endorse if an incapacitating hack brought one or more of them down and locked out customer data. What’s similar, however, is the widespread heebie-jeebies and unpredictability that might ensue…