News

02:30 PM
Connect Directly
RSS
E-Mail
50%
50%

Banking System Defiant in Katrina’s Aftermath

In the wake of Hurricane Katrina, banks' disaster recovery plans and backup systems are put to the test.

Amidst the chaos immediately following Hurricane Katrina, it was reassuring to see at least one entity had its act together -- the financial services sector. Even before the floodwaters began to recede, banks in the hurricane zone were in action, attempting to restore their operations.

Although there was no mass disruption of the large-value payments systems and core systems that occurred after 9/11, Katrina's effects were no less significant from a retail banking perspective. Consumers' ability to simply subsist depended on their being able to access their funds. This became a top priority for banks.

"In New York with 9/11, it was a matter of seeing if the payments and settlement systems worked. With Katrina, it's more 'My ATM doesn't work. How am I, as an individual, to accomplish the banking services I need to enable me to survive?'" explains Doug Johnson, senior policy analyst with the American Bankers Association. "From a public confidence standpoint, it's about our being able to affect smaller value transactions to enable individual customers to survive."

The ABA is just one of the organizations that has been working with government agencies to assist its member banks and consumers in the hurricane's aftermath.

"There is enormous support from the state bankers associations, state banking commissions, the FDIC, the NCUA and the national trade associations," comments Donald Donahue, chairman of the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC), a public/private sector partnership. "Katrina affected the ability [of banks] to directly meet the financial needs of people. Are the ATMs working? Is there sufficient cash in the affected areas? Are people able to use plastic? The Fed has gone out of its way to make sure there are no cash shortfalls in the area."

Banks' disaster recovery plans and backup systems were put to the test. Although many banks in the hurricane zone sustained some kind of physical damage, insiders claim that so far, they have heard no complaints from financial institutions from a data recovery standpoint. According to Chad Driskell, director of government relations with the Mississippi Bankers Association, "All the banks in Mississippi were up and running as of Tuesday (Sept. 6). ... I don't know if there's a stick to measure [backup systems] by, but our banks are operating. They all recovered to their backup sites, some faster than others. Some had infrastructure damage, but the bankers did what they had to to get going again."

"There was only one institution as of [Sept. 8] that wasn't picking up ACH files," says the ABA's Johnson. "If you have only one bank not picking up ACH files, that speaks for itself." This also speaks well of the industry's third-party service providers, comments Bob Schmermund, EVP for corporate communications with America's Community Bankers.

In spite of the banks' systems being operational, there was one problem in actually getting them online -- lack of power. Although the banks were ready on their end, the local infrastructure was the weak link in the chain. The real issues affecting banks were basic, explains ACB's Schmermund -- communications, with both customers and employees; facilities, where some banks are having to share physical space; utilities, where there is lack of electricity and telecommunications; security; and transportation.

"We've heard about some cash and liquidity problems, but it wasn't due to bureaucratic inefficiencies but to the basic issue of there not being enough armored trucks and fuel to haul in the cash," he says. "There was no news about data processing issues. It's more that the basics just weren't being taken care of."

Regardless of these stories of success, it is important to note that things are not completely back to normal. In fact, some branches have been completely wiped out. "I'm sure the smaller retail financial institutions were significantly impacted by Katrina," comments FSSCC's Donahue. "A big national bank can fall back on other locations. But the industry and the regulatory community have responded very strongly to help the banks."

"I'm proud to represent these folks," says the ABA's Johnson of the banking community. "[The ABA is] going to work hard to make sure the smaller banks aren't affected more than the big ones. We want to make sure customers have full confidence in the financial system regardless of the size of the institution."

Calls to the Louisiana Bankers Association and Community Bankers of Louisiana were unable to connect at press time.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Here is what the client expects us to develop...
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.