The RBS and NatWest IT breakdown: Life's a glitch (and then you cry)

A computer bug at RBS has left thousands of bank customers without cash – but such trials are just another part of modern life. Jerome Taylor reports

Jerome Taylor
Tuesday 26 June 2012 06:59 EDT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

In the Hollywood action thriller Die Hard 4 there is a moment when Bruce Willis's ageing New York detective, John McClane, discovers just how much havoc can be wrought through a computer keyboard. Hackers have infiltrated America's IT systems and brought the country to its knees, taking down the transport grid, crippling its banking sector and knocking out key utilities such as water and electricity. It is left up to a more informed younger colleague to explain what has happened. "They call it a fire sale," he says. "Because everything must go."

In many ways the film is Hollywood at its most paranoid. But it taps into our legitimate concerns that the world's overwhelming reliance on computers leaves us acutely vulnerable when they go wrong or are attacked. Computers make the world go round and grease the cogs of industry. But like any piece of machinery, sometimes they break down.

The recent collapse of IT systems at the Royal Bank of Scotland, NatWest and Ulster Bank offer us a vivid illustration of how vulnerable we become when computers say no. For the past seven days thousands of people up and down the country have had trouble with their bank accounts after a reported software update at parent company RBS went wrong and caused the banks' IT systems to break down. For many angry customers, bills have gone unpaid, holidays have had to be abandoned and pay day has yet to come.

Yesterday, RBS group chief executive Stephen Hester promised customers that the banks had "turned a corner" in dealing with the defective systems and said senior executives would face "proper accountability" for the fiasco. An email sent to account holders added that the banks would waive overdraft fees for those caught up in the payments backlog. But last night as consumer confidence continued to plummet, Mr Hester was facing calls to be stripped of his bonus for a second year.

Sadly RBS is not the only banking group within the global financial sector to have been hit by computer glitches. In the past two years, HSBC, JP Morgan and TD Bank have had to navigate their way through angry consumer backlashes after their IT systems suffered glitches. Earlier this month, just half an hour of computer troubles on the American stock exchange racked up a $40m bill for Nasdaq, which had to reimburse investors who tried to by Facebook shares but couldn't.

"Taken on an individual basis these glitches seem like small fry," said one IT expert within the banking sector, who asked not to be named. "When you add them up, though, you have to start asking yourself whether we're really doing enough to make sure we are prepared for the worst case scenarios."

But banking is only one sector among thousands that need computers to work properly.

"Ultimately, when you look around there's barely an industry or system that doesn't rely on computer technology to run some of its core functions," says Rik Ferguson, a cyber-security analyst at Trend Micro. "The telecoms industry is a real concern because by its very nature it has to be connected to the web. But there are also real vulnerabilities in healthcare and the world of finance."

Cyber security is often portrayed as protecting an organisation from outside attack. The threat of hackers and those who want to break in to steal data, money or just create carnage is real. But while companies spend millions building walls to keep people out, they often fail to make sure the houses inside are constructed properly.

"People spend so much time, effort and energy trying to beef up their security for external threats rather than worrying about internal weaknesses," says Jay Sappidi, senior director at CAST Research Labs, which specialises in testing the quality of software coding, the building blocks of IT programmes. "It's like building a house. You create a building which has a bedroom, a kitchen and a bathroom. Everything appears to be working fine. But what you haven't done is tested whether it can withstand a heavy rainstorm or an earthquake."

RBS's current software woes do not appear to have been caused by an external threat. Official company statements have so far blamed unspecified "technical glitches". But insiders say the problems began when a software update went wrong causing a malfunction in the payments system which then created a crippling backlog.

Critics – including the Unite union and IT experts – have accused the bank of compromising its computer systems by outsourcing key work to India. RBS has insisted the software glitch was a UK problem, which rules out outsourcing but does little to defend the company from the accusation that its coding was not up to scratch.

While companies fear external attacks, more often than not it is poor coding and software glitches that create havoc. Late last year, millions of BlackBerry users around the world had limited or no access to their emails. Much of the press speculation surrounding the cyber systems of the Canadian mobile phone manufacturer had concentrated on whether their emails could ever be cracked by authoritarian regimes or hackers. In the end, what compromised BlackBerry's ability to deliver to its customers was a comparatively simple server swap that went wrong.

Critical utilities – such as power stations, electricity grids and water providers – are largely kept off the internet for security reasons. But the recent cyber attacks on Iran's nuclear facilities have shown that there are still ways to infiltrate closed networks.

But even if companies have secure IT systems, they still have to plan for breakdowns outside their control such as the internet going down. Cyber space is often thought of as an entirely ephemeral thing. But while data is pinged around the world wirelessly the internet itself still relies on physical structures such as servers and cables. And like any physical structure, it can be damaged.

Cables are particularly vulnerable. Earlier this year, nine countries across East Africa and the Middle East experienced a dramatic slowdown in internet speeds and disruption to phone calls.

You could be forgiven for thinking something enormous had occurred. In fact, the cause of the problem was a single ship, moored outside the Kenyan port of Mombasa, which had dropped its anchor on to the only fibre optic cable delivering the internet to East Africa. Let's hope the same thing doesn't happen in the English Channel.

Waiting to go wrong? Weak spots in modern life

Financial markets: A temporary software glitch earlier this month cost Nasdaq more than $40m during the flotation of Facebook's shares. The US tech stock exchange had to compensate investors who were unable to buy shares when the market opened.

Cloud computing: Amazon suffered a highly embarrassing bug last spring when part of its much vaunted cloud service went down. Client websites such as Quora and Reddit were temporarily forced offline because they relied on Amazon's servers

Fibre optics: Millions of internet users in nine countries across East Africa and the Middle East saw dramatic slowdowns in internet speed earlier this year when a ship's anchor damaged the only fibre optic cable bringing internet to the area.

Cyber warfare: When Russia went to war with Georgia over the breakaway republic of South Ossetia in 2008 we saw the closest thing yet to a fire sale. Coordinated cyber attacks were launched against media, communications and transportation companies, paralysing Tbilisi's ability to communicate.

Air travel: LA International airport virtually shut down in 2007 when crucial internet cables burned out. Thousands of passengers were stranded for 24 hours before the problem was resolved. More recently, a persistent bug cost United Airlines hundreds of millions of dollars earlier this year.

Personal banking: Banking chiefs at NatWest and RBS insist that they are over the worst of the technical issues but customers are still complaining of payment issues. NatWest has waived overdraft fees and told customers they can withdraw £100 more than their limit over the next few days.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in