back to article Outage outrage: Banks need clear targets for improving IT systems

Banks should be set "clear objectives and targets" on improving the performance of their IT systems in light of a number of recent major outages, the chairman of a prominent UK parliamentary committee has said. In letters to Andrew Bailey, chief executive of the Prudential Regulation Authority (PRA), and Tracey McDermott, …

  1. Anonymous Coward
    Anonymous Coward

    Pot calling kettle black alert.

    Maybe they should eat their own dogfood.

    I always find it perverse that MPs who have shown wanton ridiculousness in the field of IT management, technology law and science seem to think they have a single clue. Always happy to give advice, reminds me a bit of those nosey old people always telling people how they should be doing things.

    1. Anonymous Coward
      Flame

      RE: Pot calling kettle black alert.

      I always find it perverse that MPs who have shown wanton ridiculousness in the field of IT management, technology law and science seem to think they have a single clue. Always happy to give advice, reminds me a bit of those nosey old people always telling people how they should be doing things.

      Are you saying that Parliament should not pressure banks to clean up their IT security act? How does that help?

      These "nosey old people" should be applauded for vocalising the concerns and interests of the public, whom it is their job to represent.

      1. Anonymous Coward
        Anonymous Coward

        Re: RE: Pot calling kettle black alert.

        I'd be more interested if they could speak from a position of experience and expertise as opposed to faux outrage. Fantasy is easy.

        They like to make believe that it's as easy as waving your hands but in reality it'll take years for the banks to upgrade their core systems. They offer no solutions but like to talk a lot.

        1. Anonymous Coward
          Anonymous Coward

          Re: RE: Pot calling kettle black alert.

          in reality it'll take years for the banks to upgrade their core systems.

          No, it just takes a big enough stick. It is amazing how fast organisations can move given the correct incentive.

          1. LucreLout
            Paris Hilton

            Re: RE: Pot calling kettle black alert.

            No, it just takes a big enough stick.

            Stick size won't make a jot of difference. Any IT board member will just have been promoted there from the role they were already doing, and is likely the person to blame for the problems besetting bank-wide IT.

            Offshoring is the root and source of the problem. The solution is easy to state, but will take time to implement: Prevent banks using outsourced or offshored IT; keep it all in house.

            That might not be wholly realistic, but it should be the overriding aim of any changes and certainly the direction in which all banks find themselves travelling.

            Paris because getting screwed on the internet may get you noticed, but after the first few times nobody is amused.

  2. Anonymous Coward
    Meh

    Good luck with that....

    ...most IT directors I've encountered think the iPad is does all the processing and the rack after rack of servers just store the photos and files and if those are slow to get hold of while in outer Mongolia, pressing the make it faster button will sort all the issues out.

  3. AndrewDu

    "IT expertise in the boardroom" ?

    Aye, that'll be right.

    1. Anonymous Coward
      Anonymous Coward

      Or indeed any expertise, or maybe just plain old common sense?

    2. Anonymous Coward
      Anonymous Coward

      If one judges by the serial mis-selling scandals, and the need to bail out a large proportion of the banking industry a few scant years ago, the banks could start off by getting some genuine financial expertise into their boardrooms, instead of rent-a-director clowns focused solely on trousering vast bonuses.

  4. Guus Leeuw

    Dear Sir,

    "IT risks need to be accorded the same status as credit, financial and conduct risk. They are every bit as serious a threat to customers and to overall financial stability"

    while I applaud the sentiment in those sentences, I think it would be wholy incorrect to create one group that will provide guidelines for IT Security. Who should be in that group? GCHQ? NSA? Google? HPE? IBM? End-users? FSF? Why not also Microsoft?

    An ITSecurity/Resiliency Regulator... What a waste of money. What have the romans ever done for us, eh?

    Creating laws that make it unlawful for a technology-driven company (any really, not only banks)

    * to have outages that take longer than 24 to fix (public SLA)

    * to have systems that can be hacked into

    * to not report such (also) illegal hackingly acquired access

    Make the amount of fines payable to the court depending on how life-necessary the technology service is, and/or how many records were stolen and/or how many (wall-clock) hours of illegal access were achieved and/or how many hours of DDoS caused systems to be unreachable for their intended purpose. I.e. facebook can pay the amount of (£|$|€)0.001 if unavailable for 1 year, whereas for example a national news service (paid by TV licenses) might attract fines of half a million in case their online services are unreachable for half a day, possibly payable by budget cuts from then on in (ie lower TV license cost).

    To me, that should be part of the Computer Misuse Act. Yes, I understand that IoT and Cloud Computing require responsive and dynamic compute resources... That in itself does not mean one can foresake a firewall, a bastion host, or a FortiNet device (oh wait...), or any IT Security measures that common sense dictates should be implemented.

    Best regards,

    Guus Leeuw

  5. Crisp

    There's already IT expertise in the boardroom

    Usually whenever someone needs a projector set up or a laptop plugged in...

    1. Will Godfrey Silver badge
      Meh

      Re: There's already IT expertise in the boardroom

      I believe it's usually three on shift for 24 hour cover.

    2. Moonunit

      Re: There's already IT expertise in the boardroom

      Yup, yup ... best use of the 650-a-day EA dude is plugging in the projector. Or similar. But heaven forbid you'd actually act on the 250K-worth of planning said dude has done. Oh noooo ... nooo ... scream.

      1. Moonunit

        Re: There's already IT expertise in the boardroom

        Vague and wafty 'cos I like many of the people at the place referred to above. Just not the executive suite ...

  6. Anonymous Coward
    Anonymous Coward

    They have a good point

    Because in many Banks CIO is not a board level position - which given that most banks are IT Shops that just happen to have banking licenses is near to criminal in my book.

  7. N2

    IT expertise in the boardroom?

    Youre 'aving a larf there.

    Usually, IT falls under the financal director who knows the price of everything & the value of nothing

    Spend the afternoon speccing out a new what ever it is & within 10 mintes Finance tear it to bits because its too much of their money, yes they spend it like its their own & come up with a crap alternative that costs a few hundred quid less with the lifespan & reliability of an anorexic Mayfly.

  8. Anonymous Coward
    Anonymous Coward

    U.S. Banks

    Maybe you would consider looking across the pond to the U.S. As an IT Security guy in a bank here I can tell you the complaints listed are not so prevalent here. Yes we have to justify our budget like anyone else but the Executive Leadership Team (of which one is the CIO) knows that spending and training for security is crucial to protecting bank and customer information. We arent perfect but we aren't completely dysfunctional either. We have IT Security Frameworks to follow (if you are a larger bank) and we have both internal and external audits.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like