When asked why he always went after banks, the famed Depression-era robber Willie Sutton once explained that he picked them because "that's where the money is."

Nowadays, with more banking transactions performed over electronic networks than teller windows, a federal agency believes the same logic might appeal to cyberterrorists.

In a report released this week on "Efforts of the Financial Services Sector to Assess Cyber Threats," the U.S. General Accounting Office concluded that entities handling monetary transactions face a particularly high risk of attack by criminals or terrorist organizations.

The GAO, the investigative arm of Congress, included financial services in a list of industries that provide so-called "critical infrastructure," such as telecommunications or electrical power.

In the case of financial services, the GAO found that "the potential for monetary gains and economic disruptions may increase its attractiveness as a target."

In the online context, however, Sutton's logic plays out on a bigger scale. As of mid-2002, the report estimates, financial services providers in the United States, including commercial banks, insurance companies, mutual funds, pension funds and securities brokers, among others, held more than $23.5 trillion in assets.

Increasingly, assets are changing hands over computer networks, for purposes ranging from Internet banking to electronic stock trading to the backend operations required for settling transactions. But the growth of these services, the GAO found, "has also increased the degree of access to the systems used to support these services." As access grows, so does the risk of criminal intrusions.

[ Read more ]