Banking staff in London’s financial district will, tomorrow, take part in a large-scale exercise to see how they would cope in the event of a real cyber attack.
The ‘war games’ scenario, dubbed “Waking Shark II” according to Reuters, is a replay of a similar event which took place on March 11 2011.
That first Waking Shark event engaged over 100 people from across 33 organisations spread across the realms of financial services, infrastructure providers and the financial providers. Experts from the serious organised Crime Squad (SOCA), the Payments Council, the Cyber Security Operations Centre (CSOC), BT and O2 were also on hand for the exercise.
The 2011 event simulated a cyber attack across the breadth of financial services, including wholesale and retail payments and online services. The personnel involved had a broad range of experience and roles and included hedge funds, banks, brokers, insurers and asset managers.
This year’s event, coordinated by the Bank of England, the Treasury and the Financial Conduct Authority, is expected to be much larger and will have a focus upon investment banking operations.
Beyond that, the exercise will also look at the effects upon ATM cash availability as well as the challenges of dealing with a liquidity squeeze in the wholesale market. Observers will also look closely at how the various financial organisations communicate, both between themselves, and with the authorities too.
The results of the exercise, along with any lessons to be learned, are likely to be released either at the end of this year or at the beginning of 2014.
The UK is not alone in running such cyber war games – New York recently undertook a similar test called “Quantum Dawn 2.”
The findings from that exercise suggested that US financial services could make improvements in:
“sector-wide incident command structure and processes, systemic risk assessment and decision process, and communication and information sharing.”
Whatever the outcome of the UK’s own test tomorrow, the timing could well be considered apt. Just two months ago it was reported that eight men had been arrested in conjunction with a £1.3m theft from Barclays Bank. In the same month it was also reported that another twelve men had been detained following a plot to steal millions from Santander by taking over a computer remotely.
The financial sector in the UK often runs ‘games’ which assess its readiness to deal with a wide variety of different scenarios including freak weather, transport disruption and other potential large-scale disruptions. Testing the ability of the industry to deal with cyber attacks may, however, be the most useful of the exercises, given those recent attacks.