There's a lot of talk in cybersecurity circles about critical infrastructure like the power grid.
Also critical is our access to money, via the web, an app, the ATM, or with every point-of-sale transaction while we shop.
What if a cyber attack cut us off from our money or our ability to buy things?
What would things be like on the day cyber criminals cut us off from our money?
Those of us in InfoSec know that big banks, in particular, tend to have security teams that run both wide and deep and their security efforts tend to be extremely mature.
And that may be giving us a false sense of security.
A new report to Congress suggests the financial system may only be as strong as its weakest link in what is a complicated and interconnected system with a lot of players.
This map, created by the Office of Fiancial Research, or OFR, details how an infection or cyber attack can spread throughout the financial system.
Red is an infection and arrows indicate the direction a contagion would travel.
"Disruptions to the operations of a key institution in the financial system could be transmitted through these networks and lead to a systemic crisis," the report says.
This would likely happen because those who had not yet been infected would cut themselves off from the larger financial system to protect their own network.
As a result, transactions would stop and the financial sector would grind to a hault.
The OFR report presents three critical lessons for the U.S. financial system.
Lesson #1: A network’s resilience can vary greatly against different types of threats. Targeted attacks by sophisticated adversaries can cause much more damage than random failures, and these attacks necessitate a much higher level of network resilience.
Lesson #2: Coordinating defense strategies among network participants is vital in preventing weaknesses in defense systems. A lack of coordination between market participants and regulators can compromise network stability and leave key institutions under-defended."
Lesson #3: Regulators must work with the industry to ensure the resilience of the financial system, even if individual companies do not recognize that the benefits of protecting the overall system are worth their cost of increased resilience.
Hopefully that work produces results the rest of the U.S. can bank on.