The Public Eye with Eric Chabrow

Imagine This: NSA Supervising Bank IT

Not Likely in U.S., But Such a Scenario Is Developing in Israel
Imagine This: NSA Supervising Bank IT

Imagine American banks being required to submit to the supervision of the National Security Agency, the super-secret electronic spy organization run by the Defense Department, to assure the economic stability of the nation. In an era when Congress balks at even the mildest forms of private-sector IT security regulations, it's hard to envisage powerful U.S. financial institutions allowing the NSA keep an eye on their IT transactions.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Yet, in Israel - a nation that pats down passengers before they're allowed to board a plane - commercial banks are letting Shin Bet, the nation's secret service, supervise their computer systems, fearing they could be targeted in cyber-assaults that could cripple the country's economy, according to a report is the Israeli newspaper Haaretz.

Like their counterparts in the United States and elsewhere, Israeli bankers and their regulators over the years have been leery about granting a government security agency such oversight over their companies' information systems. The main concern of Israeli bankers wasn't government regulation, per se, but fear supervision would frighten off foreign investors and depositors.

Yet, in the past few years, Israel's banking industry began to recognize it's part of that nation's critical infrastructure, and Shin Bet, through the National Information Security Authority, supervises the networks of critical infrastructure owners in Israel. Among companies receiving supervision: Israel Electric Corp., Israel Railways, telecom provider Bezeq and the Tel Aviv Stock Exchange.

Israeli bankers viewed IT security a generation ago largely in terms of fraud prevention, Nimrod Kozlovski, a lecturer in IT security at Tel Aviv University, tells Haaretz. That view is broadening, he says, and bankers today accept their institutions are part of the nation's critical IT infrastructure.

"The assumption is that certain civilian infrastructure that is not supplied by the government is nevertheless of critical importance to the nation's strength or stability," Kozlovski says. "There are nightmare scenarios that could affect the nation's strength, such as one in which hackers seize control of the interbank clearing system, which is responsible for all financial transfers in the economy, or over the interbank communication system, enabling them to shut down the banks' commercial trade."

Cyber Aggressor, Victim or Both?

In international circles, Israel is perceived - though not proven - as an aggressor in cyberassaults. With a robust IT security community, many cybersecurity experts see Israel behind the 2010 Stuxnet attack on Iranian uranium centrifuges and the just-discovered super-spyware called Flame that targeted institutions in the Middle East, especially Iran, whose leaders have called for the annihilation of the Jewish State. In fact, Israel Vice Prime Minister Moshe Ya'alon hinted in a radio interview that Israel might be involved with Flame (see Israel Seen Fanning Flame of New Spyware).

Yet, as Haaretz reports, Israel has been the victim of cyberassaults, including one in which a Saudi hacker posted some 15,000 Israeli credit card numbers online. Israel's three credit card companies - Isracard, Leumi Card and Cal - are all owned by the banks, so the hacks essentially targeted banks.

Bankers here in the United States, like those in Israel, recognize that their IT networks are part of the nation's critical infrastructure, but few would be willing to submit to a government intelligence agency supervising their computer systems to protect them.

Why are Israeli bankers willing to accept such oversight? Unlike in other democracies, security is embedded in Israelis' DNA. Since its founding in 1948, Israel has fought three major wars as well as a number of other armed conflicts with its neighbors. Israel drafts into the military most of its Jewish citizens, who make up three-quarters of its population of 7.6 million. The military, for most Jewish Israelis, is a trusted institution, and a citizens' army makes its citizenry part of the nation's security infrastructure. Besides, sacrificing some independence to assure they remain secure is part of the psyche of most Israelis, including bankers.

Notwithstanding our quest to be more secure, many Americans shudder at the thought of government regulation of private IT networks, even critical ones, despite the cost to our nation's well being.



About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.