Cyberterrorists and hackers may capture the popular imagination, but the more immediate enemy in the electronic future for banks and other financial services lies within.
That's the message from Peter H. Daly, a Treasury Department expert in electronic commerce who was appointed last summer to the President's Commission on Critical Infrastructure Protection.
Formed last year, the 15-member commission is examining both physical and electronic dangers posed to eight key sectors -including banking and finance, telecommunications, and energy-considered vital to national security. The commission will submit a report to President Clinton by mid- October.
Though Mr. Daly concedes that cases such as a Russian computer hacker's thwarted attempt to steal about $12 million from Citicorp indicate criminals or foreign enemies could plunder or disrupt the U.S. financial system via computer, his point is that it could just as easily be disrupted by a regional power failure or telecommunications snafu. Once-separate infrastructures are now intertwined, which poses new risks, Mr. Daly explained.
And with the speed of modern communications, the failure of an Asian bank or pension fund that invests heavily in U.S. markets could be felt here "almost instantly," he said.
"The probability of a major system failure sometime down the road, let's say in this next decade, at this point appears to be more likely from these interdependencies and unseen partnerships than from an attack," Mr. Daly said.
Further in the future, home banking will present one of the most formidable challenges, he said. When it fully develops, which might not occur for another 50 years, financial institutions will need massive data storage capability, rapid payment processing systems, and new security measures. Protections will have to authenticate the identities of those who log on and the security of information as it is transferred, he said.
A 31-year Treasury Department veteran, Mr. Daly has tackled such issues before. While director of the Bureau of Engraving and Printing from 1988 to 1995, he represented the Treasury on payments systems issues to the Federal Reserve Board and law enforcement agencies. He co-authored the first Treasury statement on electronic money, published last September.
Appointed to head the commission in August, Mr. Daly leads its four- person financial services team which also includes experts in law, engineering, and privacy.
So far, Mr. Daly said that he has met with about 50 bankers, securities executives, and trade group representatives about threats to the financial system. The commission also has hired the management consulting firm Booz- Allen & Hamilton to interview another 100 executives and provide research help.
These industry leaders are aware of security threats and taking precautions, Mr. Daly said.
"In the financial services industry, there is a fairly uniformly high understanding of this matter," Mr. Daly said. "Some of the best work is being done on Wall Street."
But institutions are not spending enough to protect themselves, said L. Dain Gary, a Booz-Allen information systems security specialist. And they may not fully appreciate that damage to banks as a group, such as an attack or the fallout from a massive credit card fraud scheme, could injure the national economy, experts said.
"You send the marines to Bosnia, you don't send the American Bankers Association," Mr. Gary said, "but this (financial) infrastructure is a fundamental element of the national security and viability in the world marketplace."
Financial institutions are often leery that federal officials will require security overkill, which could add costs and slow down their services, said Kawika Daguio, an ABA specialist in electronic banking issues.
"You worry when someone says, 'I'm here from Washington, and I want to help you,' " Mr. Daguio said.
But the commission has demonstrated sensitivity to the private sector's concerns, Mr. Daguio said. "They recognize industry leadership and industry-driven responses are the best solution," he said.
One way to win over the private sector, experts agreed, would be to develop incentives for private investment in infrastructure protection. Suggestions from financial institutions are welcome, according to Mr. Daly.
But he said tax incentives are unlikely, given tight budgets. The commission is studying alternatives such as sharing government-sponsored research with the private sector.
Financial services companies might be willing to meet the government halfway on some issues.
For instance, institutions would resist being forced to tell the government every time a hacker tried to penetrate their computers, Mr. Daguio said. Such attempts are extremely frequent and generally unsuccessful. Having to report them would be expensive and damaging to a bank's reputation, Mr. Daguio contended.
He said banks would be willing to share that information with each other for security purposes, however, and might agree to present the data to the government in an aggregate, anonymous form.
Mr. Daly cautioned that due to rapid technological change no solutions will be permanent, but he said the commission should strive to lay a foundation on which government and business can cooperate to meet future challenges.
