Feeds

RBS collapse details revealed: Arrow points to defective part

Software that caused cockup apparently run from India

SANS - Survey on application security programs

Exclusive The tech problems at the RBS banking group that left millions of people unable to access money for four days last week were caused by a failure in a piece of batch scheduling software, sources have told The Register.

And at least some of the support staff for that software have been outsourced to India - as recently as February.

Batch scheduling software is used to process routine jobs on a computer without the need for manual input: jobs are prioritised, scheduled and performed automatically - saving human time and using computer resources more efficiently. However the batch scheduling software needs to be maintained and overseen and it's there that our two sources believe the error occurred.

The main batch scheduling software used by RBS is CA-7, said one source, a former RBS employee who left the company recently.

They have more than one type of batch processing software. But the vast majority is run on CA-7.

A second former employee, familiar with RBS's use of the CA-7 tool, confirmed that the majority of batch processing at RBS was performed using the software and fingered a failed update as the cause of the problem:

RBS do use CA-7 and do update all accounts overnight on a mainframe via thousands of batch jobs scheduled by CA-7 ... Backing out of a failed update to CA-7 really ought to have been a trivial matter for experienced operations and systems programming staff, especially if they knew that an update had been made. That this was not the case tends to imply that the criticisms of the policy to "off-shore" also hold some water.

RBS in previous statements have confirmed that the problem occurred on Tuesday night. RBS engineering teams started to work on a fix on Wednesday morning, but the problem was not cracked until the weekend.

Possible reasons for the failure of the update include inadequate testing, perhaps exacerbated by poor documentation.

Staff who oversee batch scheduling for RBS are based in India

At least some staff overseeing CA-7 batch scheduling software used by RBS are based in India as this job advert for a CA-7 admin in Hyderabad, dating from February this year shows:

A job advert for a CA-7 post for RBS, screengrab Quikr

The job advert, dating from Feb 15th is marked as an "Urgent Requirement"

Note that this is an Urgent Requirement from RBS. The job would be paid 8-10 lakh rupees, a salary of roughly £9,000 - £11,000.

RBS have shifted IT jobs to India as the bank has tried to cut costs after its bailout by the government in 2008. There have been significant job cuts at the RBS group in the past 3 years. The government still owns the majority of RBS.

RBS's response

When asked to confirm that the CA-7 software lay behind the problems seen last week, RBS refused to confirm what software exactly was involved.

The RBS spokesman stated that "the software error occurred on a UK-based piece of software" but declined to give details on where the staff overseeing the software were based. ®

SANS - Survey on application security programs

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.