Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
What led to the freezing of transactions worth millions of pounds?
In July, the Bank of England experienced a payment system failure due to the expiration of the certificate in the bank's infrastructure. As a result, the CHAPS system was disrupted, which processed £6.9 trillion in payments in August. It was possible to restore work in 91 minutes, but during this time there were serious problems with processing transactions.
The incident was detailed in the Bank of England's annual report on the modernization of payment systems. The type of expired certificate is not specified, but most likely we are talking about an SSL/TLS certificate that provides a secure connection and confirms the authenticity of the system. Manually tracking the expiration dates of such certificates can cause unpredictable failures and data leaks, requiring automated data management.
This is the fourth disruption of the Bank of England's payment systems in 2024 and the second related to certificates. In January, there was also a 39-minute outage in the RTGS system that affected CHAPS and CREST, but the cause of the incident remained unclear.
The RTGS system that powers CHAPS is undergoing an update. The transition to a modular structure of the new TS3 management and accounting system is designed to simplify the connection of new financial institutions. However, at the moment, adding new members to the system is difficult: preparing for each stage of the RTGS update requires technical preparation and time constraints on changes. The following slots for connecting organizations to the system will be available only in 2025.
In addition to the July incident, other outages have been recorded over the past year: a 36-minute outage on October 26, 2023 due to network configuration issues, and a 6-minute outage on June 17, 2024 caused by a malfunction in the internal component of RTGS. In addition, on July 18, 2024, there was a global failure in the CHAPS system lasting 245 minutes due to problems with the Y-Copy service from SWIFT.
According to experts, manual management of digital certificates remains a problem for many organizations. For example, security specialist Tim Callan from Sectigo noted that this is a time-consuming process that makes it difficult to update certificates in a timely manner. Moreover, in the near future, it is planned to reduce the maximum validity period of TLS certificates from 398 to 90 days, which will increase the burden on IT teams during manual management and may lead to even more failures and leaks.
Source
In July, the Bank of England experienced a payment system failure due to the expiration of the certificate in the bank's infrastructure. As a result, the CHAPS system was disrupted, which processed £6.9 trillion in payments in August. It was possible to restore work in 91 minutes, but during this time there were serious problems with processing transactions.
The incident was detailed in the Bank of England's annual report on the modernization of payment systems. The type of expired certificate is not specified, but most likely we are talking about an SSL/TLS certificate that provides a secure connection and confirms the authenticity of the system. Manually tracking the expiration dates of such certificates can cause unpredictable failures and data leaks, requiring automated data management.
This is the fourth disruption of the Bank of England's payment systems in 2024 and the second related to certificates. In January, there was also a 39-minute outage in the RTGS system that affected CHAPS and CREST, but the cause of the incident remained unclear.
The RTGS system that powers CHAPS is undergoing an update. The transition to a modular structure of the new TS3 management and accounting system is designed to simplify the connection of new financial institutions. However, at the moment, adding new members to the system is difficult: preparing for each stage of the RTGS update requires technical preparation and time constraints on changes. The following slots for connecting organizations to the system will be available only in 2025.
In addition to the July incident, other outages have been recorded over the past year: a 36-minute outage on October 26, 2023 due to network configuration issues, and a 6-minute outage on June 17, 2024 caused by a malfunction in the internal component of RTGS. In addition, on July 18, 2024, there was a global failure in the CHAPS system lasting 245 minutes due to problems with the Y-Copy service from SWIFT.
According to experts, manual management of digital certificates remains a problem for many organizations. For example, security specialist Tim Callan from Sectigo noted that this is a time-consuming process that makes it difficult to update certificates in a timely manner. Moreover, in the near future, it is planned to reduce the maximum validity period of TLS certificates from 398 to 90 days, which will increase the burden on IT teams during manual management and may lead to even more failures and leaks.
Source
