Full Report
Watchdog links schedule change to replanning of UK payments system overhaul The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement system to avoid compounding risks.…
Analysis Summary
# Incident Report: Central Bank Payment System Migration Delay Cost Impact
## Executive Summary
This report details a financial impact event stemming from an external scheduling conflict rather than a traditional cyber security breach. The European Central Bank's (ECB) delay in migrating to the ISO 20022 messaging standard placed its schedule too close to the Bank of England's (BoE) scheduled launch of its Real-Time Gross Settlement (RTGS) system renewal. This external "shock" forced the BoE to replan its migration, incurring an estimated direct financial cost of £23 million to avoid compounding operational risks for UK payment settlement services.
## Incident Details
- **Discovery Date:** Not explicitly stated; impact materialized after the ECB announcement/re-planning.
- **Incident Date:** ECB announced delay in October 2022, forcing BoE's second re-plan during Winter 2022-2023.
- **Affected Organization:** Bank of England (BoE)
- **Sector:** Financial Services (Central Banking/Payment Systems)
- **Geography:** United Kingdom
## Timeline of Events
### Initial Access
- **Date/Time:** ECB announced delay in October 2022 (Previously scheduled for 2022, moved to June 2023).
- **Vector:** External dependency scheduling conflict (Change in ECB messaging standard migration date).
- **Details:** ECB moved its ISO 20022 migration to June 2023, only four weeks before the BoE's planned RTGS launch.
### Lateral Movement
- N/A (Event was a schedule conflict, not an intrusion).
### Data Exfiltration/Impact
- **Impact:** Forced replanning of the BoE's RTGS migration, leading to increased costs and schedule adjustments to maintain operational safety.
### Detection & Response
- **Detection:** Consultation with RTGS users identified that the proximity of the two migrations presented "too high a level of change for users to manage safely."
- **Response Actions:** The BoE decided to defer its own migration date and launch date for the new RTGS system.
## Attack Methodology
Since this was not a malicious attack, the standard MITRE ATT&CK categories are not applicable. The driving factor was an **External Incompatibility/Dependency Risk**.
- **Initial Access:** N/A
- **Persistence:** N/A
- **Privilege Escalation:** N/A
- **Defense Evasion:** N/A
- **Credential Access:** N/A
- **Discovery:** N/A
- **Lateral Movement:** N/A
- **Collection:** N/A
- **Exfiltration:** N/A
- **Impact:** Operational and Financial impact due to necessary system replanning.
## Impact Assessment
- **Financial:** £23 million cost increase due to schedule adjustment, on top of an overall RTGS program cost of £431 million (15% above plan).
- **Data Breach:** None reported.
- **Operational:** Required the BoE to undertake a second re-plan of its critical RTGS system renewal program to maintain safe operation.
- **Reputational:** Reported by the National Audit Office (NAO), indicating public scrutiny over project costs.
## Indicators of Compromise
- N/A (No malicious technical indicators).
- **Behavioral Indicators (Organizational Risk):** Compounding schedule pressures between critical financial infrastructure projects.
## Response Actions
- **Containment measures:** Consultation with RTGS users to assess risk tolerance.
- **Eradication steps:** N/A
- **Recovery actions:** Deferral of the BoE's RTGS migration date and subsequent replanning, utilizing contingency funding as noted in the 2020 business case.
## Lessons Learned
- **Key Takeaways:** Large-scale financial infrastructure projects relying on external, linked standards (like ISO 20022) introduce significant risk through dependency scheduling.
- **What could have been done better:** The NAO suggested the BoE could have considered retaining a higher cost range or estimating a higher contingency buffer in earlier stages to better factor in "unknown" external risks.
## Recommendations
- **Prevention measures for similar incidents:** Establish robust dependency mapping for external regulatory/standard changes. Incorporate higher contingency buffers in business cases for critical national systems susceptible to external international migration shocks.