Feeds

'Nervous' London bankers run mock cyberattack exercise

Banks test resilience of financial system as Occupy protestors mass outside

Providing a secure and efficient Helpdesk

London banks are taking part in a simulated cyberattack exercise on Tuesday designed to test the resilience of the UK's financial service industry to a collapse of telecoms systems and Olympics-related transport disruption.

The exercise is occurring against the real world backdrop of the Occupy the City protestors, camped outside the Square Mile. The joint Financial Services Authority, Bank of England and Treasury initiative involves staff from around 80 banks. An outline of the scenario to be played out on Tuesday by UK Financial Sector Continuity explains that the excise will look at responses to simulated cyber-attack and internet service disruption.

We have designed a scenario that will test the ability of participants to respond to a concerted cyber attack on the financial sector. Thus, there is a strong focus upon dependencies on telecommunications and the internet as well as managing the return to business as usual.

It will also examine the impact of transport disruption against the backdrop of the Olympics.

In response to feedback, we have released the scenario well in advance so facilitators have more time to review injects and their impacts, engage the right people and in-house experts and organise their participation on exercise day. We have reduced the focus on crisis management and included a dedicated strategic element on exercise day.

Sian John, UK security strategist at Symantec, commented: "With more than 80 companies lined up to take part in the exercise today there are likely to be plenty of nervous bankers in the UK waiting to see the results of this test. Often you see security being considered at the last minute rather than being engineered into projects and infrastructures from day one so it’s very encouraging to see an important sector like this taking part in preventative measures.

"Threats are becoming increasingly targeted and focused on accessing information that can be used for malicious gain or sold on via underground markets. An exercise like this will demonstrate exactly how robust their [banking] systems are and where the vulnerabilities lie. It may mean they need to reconsider back up sites for example or rethink security altogether – whatever the results it’s a nice illustration that financial institutions are proactively looking to manage risk."

Henry Harrison, Technical Director at BAE Systems Detica, said that the scenario played out through the exercise needs to be as thorough and realistic as possible in order to yield the best possible results.

"It is very pleasing to see the financial sector taking the threat of cyber attack so seriously and we hope that other sectors will follow suit," Harrison said. "The key to this sort of exercise is using sufficiently representative scenarios. This is as true for cyberattack scenarios as for financial disaster scenarios – while it is simple to imagine situations such as a total loss of communications, realistic scenarios should also include the loss of confidence in the integrity of data or key systems, or indeed the loss of confidence in the confidentiality of communications between different players in the system." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.