New York: Bankers and US officials have warned that cyber-terrorists will try to wreck the financial system's computer networks. What they aren't saying publicly is that taxpayers will probably have to cover much of the damage.
Even if customers don't lose money from a hacking assault on JPMorgan Chase, the episode is a reminder that banks with the most sophisticated defences are vulnerable. Treasury Department officials have quietly told bank insurers that in the event of a cataclysmic attack, they would activate a government backstop that doesn't explicitly cover electronic intrusions, two people briefed on the talks said.
"I can't foresee a situation where the president wouldn't do something via executive order," said Edward DeMarco, general counsel of the Risk Management Association, a professional group of the banking industry. "All we're talking about is the difference between the destruction of tangible property and intangible property."
The attack on New York-based JPMorgan, though limited in scope, underscored how cyber assaults are evolving in ferocity and sophistication, and turning more political, possibly as a prelude to the sort of event DeMarco describes.
Not simply an effort to steal money, the attack looted the bank of gigabytes of data from deep within JPMorgan's network. And bank security officials believe the hackers may have been aided by the Russian government, possibly as retribution for US sanctions over the Ukraine war.
A worst-case event that destroyed records, drained accounts and froze networks could hurt the economy on the scale of the terrorist attacks of September 11, 2001. The government response, though, might be more akin to that following the 2008 credit meltdown, when the US Federal Reserve invoked "unusual and exigent circumstances" to lend billions of dollars.
The government might have little choice but to step in after an attack large enough to threaten the financial system. Federal deposit insurance would apply only if a bank failed, not if hackers drained accounts. The banks would have to tap their reserves and then their private insurance, which wouldn't be enough to cover all claims from a catastrophic event, DeMarco and other industry officials said.
Janet Napolitano, the Secretary of Homeland Security until August 2013, had earlier warned in her valedictory speech that the country will someday suffer a cyber September 11 "that will have a serious effect on our lives, our economy, and the everyday functioning of our society."
Wall Street banks, brokerages and other leading companies have grown increasingly concerned as well. It's just a matter of time before nation-states or terrorist groups aim to "destroy data and machines," the industry's biggest lobbying group wrote in a June 27 internal document.
The Insurance Information Institute (III), a leading industry group, estimates that policies paid out about $42.9 billion after the September 11 attacks. Economic losses, given the closure of lower Manhattan, grounded flights and shuttered financial markets, were much larger.
Regulators are also seen raising pressure on banks, broker-dealers and hedge funds to report intrusions and show they're improving cyber defences.
The June document, from the Securities Industry and Financial Markets Association (SIFMA), asked for federal help in those tasks, too. It proposed a government-industry cyber-war council to share threat information, help build firewalls and prevent attacks from spreading.