The financial sector is under an increasing level of attack from cyber criminals and should not be neglected as the UK bolsters national infrastructure defences, the chairman of the Treasury Select Committee has warned.
Andrew Tyrie wrote to Ciaran Martin, the head of the GCHQ's National Cyber Security Centre (NCSC), on December 7th. The previous month had seen an attack on Tesco Bank in November in which money was stolen from thousands of customer accounts.
In his letter Tyrie was critical of the complex chains of command and accountability within government and the intelligence services.
"It is for consideration whether a single point of responsibility for cyber risk in the financial services sector, with full ownership of - and accountability for - financial cyber-threats is now required," he wrote.
"It may be necessary to create a line of accountability to the Treasury for financial cyber crime."
Tyrie said that the UK's defences against such attacks fall short of what's required, given the escalating nature of the threat.
"Legacy systems, human error and deliberate attack have resulted in unacceptable interruptions to vital banking services and weakened the public's confidence in the banking system as a whole," he wrote.
"The recent attack on Tesco Bank is only the latest example of criminals exploiting vulnerabilities in the banking industry's IT systems."
Conservative MP Tyrie seems to be concerned that financial cyber crime might be an afterthought, with state-sponsored attacks and counter-terrorism measures soaking up a majority of available resources.
"It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job. This means making sure that financial cyber crime has a high priority, and is not subordinate to other work," he urged.
"Certainly, as millions of customers are exposed to the risks of cyber crime, a higher level of scrutiny and accountability for existing arrangements is needed."
The NCSC has said it will respond to the letter in the new year. The agency, which is part of GCHQ, was launched in September with a remit to tackle the threat to the nation from cyber attacks. Martin claimed that more than 200 "national security-level cyber incidents" per month are logged by the authorities.
In November technical director Ian Levy outlined eight ways NCSC would be seeking to address the issue of cyber attacks, most of which involve strengthening government infrastructure and responses, rather than being focussed on industries such as the financial sector. Indeed his lengthy blog post does not mention finance once.
Microsoft comes up with a new way to foist its unloved and little used Edge web browser on people
Insider claims Cambridge Analytica used academic app to filch Facebook data of 50 million users
Is the Samsung Galaxy S9+ worth its high price?