Back in the days, a long time ago, when animals could still talk, I was working with the Belgian National Police. I was working in a highly secure environment, regularly being trained on the importance of being aware of cyber threats, including social hacking.
I did some ethical hacking myself, and felt the rush of locking out the security officer of one of my customers, just to prove a point. I still vividly recall a demonstration session where two hackers asked the audience who they worked for. And surely, before the end of the one-hour session, one of the hackers had entered the systems of the company of someone in the audience. It was a bank.
Since those days, we have moved on tremendously. Our data centers are secured with biometric devices and impenetrable walls. They’re located at undisclosed sites; they’re protected with encryption software and legally binding legislation. And the bank that got hacked in the hackers’ session joined SWIFT, “The global provider of secure financial messaging services”.
And I started working with SWIFT. A lot. I enjoyed their professionalism, I made friends, and loved to hate them when they didn’t agree with the great business proposal I had for them this time.
The news that ‘SWIFT got hacked’ ran shivers down my spine. Come again? SWIFT? Surely not! I couldn’t have been more baffled if someone had told me that Nina Simone playbacked most of her gigs.
But then I got reading and reality started to seep in. I learned about the lack of decent firewalls, the technology behind it and the role of Alliance Access.
SWIFT’s early warning didn’t prevent a hack in a second undisclosed bank and the attempted breach in Vietnam's Tien Phong Bank.
So what does this mean?
I certainly won’t be the next guy to envision that SWIFT will be replaced by blockchain. That’s too easy, and too opportunistic. Don’t get me wrong. Blockchain is important; it’s here to stay, and it’s here to play a very important role in our lives. Blockchain is here to challenge SWIFT. And that’s a great workout for SWIFT.
No, the opportunity lies elsewhere.
SWIFT will have no problems countering legal responsibility and accusations of malpractice by its technical staff. SWIFT has committed to a service, and has lived up to that commitment. Legally. The responsibility is with the banks.
The real question, however, is whether SWIFT is ready to go beyond its duties and innovate where it’s supposed to be strong.
If multiple banks are hacked at SWIFT’s endpoints, Alliance Access, there’s an opportunity to tackle that problem. If multiple banks don’t succeed in securing those endpoints, SWIFT has an obligation to extend their service and control to those endpoints.
And yes, this means being responsible for the hardware (why not include Alliance Access and AMH in a SWIFT-controlled VPN box?), the data center (why not operate a SWIFT-locked portion of the bank’s data center?) and the possibility for human error (why not place SWIFT staff in the data center?).
SWIFT has the opportunity to innovate and go beyond their duties. I hope it happens. Soon.
The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.