Cyber and the City: Securing London's Banks in the Computer Age by Ashley Sweetman (review)

Ashley Sweetman's Cyber and the City is valuable reading for any historian researching the intersections of finance and digital technology. The book investigates computer security in London's clearing banks from the 1960s to the 1990s across six chapters. Three "overview" chapters provide wider technological, political, and industrial context on financial computer security from 1960 to 1977, and three "case study" chapters take deeper dives into the role of security in developing three important financial systems still in use: the Bankers' Automated Clearing Services (BACS), the Society for Worldwide Interbank Financial Telecommunications (SWIFT), and the Clearing House Automated Payment System (CHAPS).

Sweetman argues that banks thought about computer security in two ways. First, banks valued confidentiality, integrity, and availability as key virtues of a secure system. Second, banks upheld these virtues by building "resilience" into their systems. Banks assumed that security breaches would happen, and so security measures should mitigate against this to preserve confidentiality, integrity, and availability. Overall, Sweetman concludes that there were no significant shifts or ruptures in this period, which was instead defined by "consensus and continuity," both with predigital and present approaches to financial security.

Cyber and the City's greatest strength is the new histories that it documents. Sweetman has researched several archives and cases that have not received historical attention. In so doing, he gives new insight into the development not just of computer security in finance but also the development of the financial systems themselves. BACS and CHAPS remain crucial to British banking, and SWIFT, as Russia's exclusion in 2022 shows, is globally important geopolitically as well as financially. Their histories are fundamental to understanding the past and present of finance's digital infrastructure, and so Sweetman's book will be an invaluable reference work for their histories.

Furthermore, the book challenges the idea that cybersecurity is about hacks and cyberattacks. Sweetman shows how financial security was more concerned with accidents and faults than malicious attacks and that even when focusing on attacks, banks and security analysts spent much more time concerned with physical threats such as arson and bombings. For example, banks saw the destruction of BACS's computer center as their main security threat and so enacted both physical and technical measures to make BACS resilient to damage. Component failure was a major concern across all three of Sweetman's case studies, and so computer security in these systems often meant creating hardware and software redundancies. In Cyber and the City, computer security is a story of the mundane, material practices of maintenance and contingency planning.

It is this perspective, however, that raises some weaknesses in the book. The book does not explicitly analyze the materiality of computer security, and this is instead my own interpretation. Though the book is a fabulous documentation of computer security in finance, it never places this history within the bigger picture. For example, the growing scholarship on repair and maintenance, spearheaded by Andrew Russell and Lee Vinsel, would help Sweetman articulate with more depth what he means when he describes "resilience," especially to physical faults and attacks, as the key approach in computer security in British finance.

The extensive work on the materiality of financial markets by Donald Mackenzie and his collaborators would also help here, especially Juan Pablo Pardo-Guerra's Automating Finance (2019), which analyzes how "market engineers" transformed British finance across the same period. In Cyber and the City, the materiality of financial security seems key to the smooth functioning of financial markets, but the nuances of this relationship could be thought through more. As it stands, the book does not discuss how this history might develop our understanding of financial markets and how engineers, technologies, and security analysts make them work.

This book could therefore present a richer account that interprets how this history fits into the wider scholarship. Nevertheless, for the histories that it brings to light, it will be an important work for...