Operational resilience: What have U-boats got to do with it?

Russia’s invasion of Ukraine has put geopolitics firmly back on the agenda. But, as we have seen, geopolitics and cyber risk are now inextricably linked. Hybrid warfare, not hybrid working, should be top of network managers’ agendas.

In 1942, eight German saboteurs rowed ashore on America’s East Coast, hitting land at Long Island and Miami. They had been dropped offshore by U-boats sent by Abwehr high command. Their mission? To destroy key economic infrastructure: hydroelectric plants in Niagara Falls; an aluminium company; locks on the Ohio River; a crucial piece of Pennsylvania’s railroad; and Pennsylvania Station itself. They wanted to take America out of the war, or at least demoralise its people enough to provoke civil unrest.

Hybrid economic warfare is nothing new, but the tools at malicious actors’ disposal are constantly evolving. In May 2023, senior leaders from CSDs around the world met in Prague for the World Federation of CSDs. When they were asked, “Which potential cause of systemic risk most concerns you in your market?”, 63% chose cyber attack.

The cyber threat to capital markets is no longer theoretical. At the WFC, Oleksii Yudin, Chairman of the National Depository of Ukraine (NDU), described the wave of cyber attacks that NDU suffered in the first weeks of the war. 

This, combined with the physical threat to NDU’s data centres in Kiev, posed a serious threat to NDU’s mandate for asset safety in Ukraine. “A CSD cannot be allowed to fail under any circumstances,” said Yudin, because shareholders have a right to their property. NDU rapidly moved a data centre to western Ukraine and set-up cloud DR, but if the first days of the war had gone differently, investor assets in Ukraine could simply have been lost.

Managing risk with Thomas Murray 

Due diligence must never be a tick-box exercise. When banks fail, internal controls and procedures tend to break down as managers try everything to save the entity.  When countries go to war the laws and regulations governing asset ownership, liquidity and cross-border transactions are changed at the drop of a hat. Third-party risk management is about cutting through the PR and understanding fundamental risk. 

Orbit Risk is the only comprehensive solution for network managers to monitor risk centrally: 

• Orbit Diligence automates and digitises the DDQ process;
• Orbit Security allows you to monitor companies’ cyber security posture with data-driven ratings; and 
• Orbit Intelligence gives you access to Thomas Murray’s unique suite of post-trade risk assessments, validated with on-the-ground due diligence, and real-time market intelligence from our unique network of support banks. 

Book a demo with the team today to see what Orbit Risk can do for your organisation.

This article originally appeared in Issue 11 (Summer 2023) of TNF Journal.