Lord Stephenson - dishonest or delusional?

Ex-chairman of HBOS called to account.

The Bank of England has said that the economic impact of the financial crisis was on a par with the Second World War. And the wannabe Inglorious Basterds on the Parliamentary Commission on Banking Standards continue to call to account the war criminals.

It all feels a bit like old news now… We know full well that HBOS was badly run. We know about the secret bailouts, the “spirit of optimism” that led to disaster.

This week it was the turn of Lord Stephenson. The ex-chairman of HBOS was - and still is - suave and silver-tongued. He is the kind of man who you believe when he says something like

..there was just no way we [the HBOS leadership] were encouraging a culture of excessive risk-taking.

But one committee member – Lord Lawson – wasn’t having any of it. “You are living in cloud cuckoo land,” he said.

And to remind ourselves just how risk-averse HBOS was in the lead-up to the melt-down, we should recall the story of Benny Higgins. A bona fide banking superstar, Benny Higgins joined HBOS in 2006 from RBS, where he had overseen the successful integration of NatWest into the group.

After less than two years, he left HBOS under a cloud, having presided over the dramatic reduction of the bank’s  mortgage book. With hindsight it sounds prudent and praiseworthy action. At the time, however, he was universally pilloried for presiding over such a huge loss in market share.

And in the wake of this “disaster”, silver-tongued Stephenson was there to reassure twitchy stakeholders that the bank would bounce back and regain its position in residential mortgages. Not only that, but he wrote to the FSA (a letter since published by the Commission), emphasising that HBOS was a “highly conservative institution”.

I am not aware of any lurking horrors in our business or our balance sheet. Quite the reverse ... HBOS in an admittedly uncertain and insecure world is in as secure a position as it could be.

Happy to be crossed questioned on this but I hope you know me well enough to know this is neither a bravura nor an ill considered statement.

There you are – a man in control… Confident and reassuring. A year later the bank had been merged with Lloyds and was being bailed out by the taxpayer to the tune of £17 bn.

We could rely on Lord Lawson to remind Stephenson just how much bravura there was in that statement. “Either you were being dishonest when you wrote that or, if you believed it, you were delusional,” he said.

“Spirit of optimism” at HBOS: Photograph: Getty Images

James Ratcliff is Group Editor of  Cards and Payments at VRL Financial News.

Show Hide image

Can Trident be hacked?

A former defence secretary has warned that Trident is vulnerable to cyber attacks. Is it?

What if, in the event of a destructive nuclear war, the prime minister goes to press the red button and it just doesn't work? 

This was the question raised by Des Browne, a former defence secretary, in an interview witht the Guardian this week. His argument, based on a report from the defence science board of the US Department of Defense, is that the UK's Trident nuclear weapons could be vulnerable to cyberattacks, and therefore rendered useless if hacked. 

Browne called for an "end-to-end" assessment of the system's cybersecurity: 

 The government ... have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat. If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.

Is he right? Should we really be worried about Trident's potential cyber weaknesses?

Tangled webs 

The first, crucial thing to note is that Trident is not connected to the "internet" we use every day. Sure, it's connected to the main Ministry of Defence network, but this operates totally independently of the network that you visit Facebook through. In cyber-security terms, this means the network is "air-gapped" - it's isolated from other systems that could be less secure. 

In our minds, Trident is old and needs replacing (the submarines began patrolling in the 1990s), but any strike would be ordered and co-ordinated from Northwood, a military bunker 100m underground which would use the same modern networks as the rest of the MoD. Trident is basically as secure as the rest of the MoD. 

What the MoD said

I asked the Ministry of Defence for a statement on Trident's security, and while it obviously can't offer much information about how it all actually works, a spokesperson confirmed that the system is air-gapped and added: 

We wouldn't comment on the detail of our security arrangements for the nuclear deterrent but we can and do safeguard it from all threats including cyber.

What security experts said

Security experts agree that an air-gapped system tends to be more secure than one connected to the internet. Sean Sullivan, a security adviser at F-secure, told Infosecurity magazine that while some hackers have been able to "jump" air-gaps using code, this would cause "interference" at most and a major attack of this kind is still "a long way off". 

Franklin Miller, a former White House defence policy offer, told the Guardian that the original report cited by Browne was actually formulated in response to suggestions that some US defence networks should be connected to the internet. In that case, it actually represents an argument in favour of the type of air-gapped system used by the MoD. 

So... can it be hacked?

The answer is really that any system could be hacked, but a specialised, independent defence network is very, very unlikely to be. If a successful hack did happen, it would likely affect all aspects of defence, not just Trident. That doesn't mean that every effort shouldn't be made to make sure the MoD is using the most secure system possible, but it also means that scaremongering in the context of other, unrelated cybersecurity scares is a little unjustified. 

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.