Tuesday, November 12, 2013

‘Waking Shark II’: Cyber-attack test for London banks

‘Waking Shark II’: Cyber-attack test for London banks Reuters / Andrew Winning

A simulated cyber-attack on financial markets, codenamed “Waking Shark II,”   will be held in London later on Tuesday to determine how well the City would respond to a large-scale disruption of Internet services.
Hundreds of employees from London’s financial sector will participate in the drill, led by a team from Credit Suisse, who have created a ‘real-time’ scenario to be given to the participants in stages. 
The simulation is anticipated to measure the City’s level of preparedness in handling a major cyber-attack on computer systems targeting stock markets and rippling through social media, sources told Reuters.
The cyber ‘war games,’ the details of which have remained top secret, will also allow the various agencies to determine how well banks and companies “communicate and coordinate with authorities and each other,” one of the sources revealed.
The “Waking Shark II” exercise will be supervised by officials from the Bank of England, Treasury and Financial Conduct Authority, as well as British cyber agencies. A number of financial institutions will also be participating in this year's test, including Barclays, BNP, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank , Euroclear, Goldman Sachs, HSBC and JP Morgan.
The cyber drill, which follows a simulation held in New York this year, dubbed "Quantum Dawn 2," will help security experts and fall-back programmers to make rapid decisions and communicate effectively with their industry colleagues at a moment of extreme stress where every second counts.
With hundreds of billions of dollars riding on the line, this is of no small significance.
One unnamed London-listed company suffered losses of 800 million pounds ($1.29 billion) in a cyber-attack several years ago, British security services revealed in a Sky News report.
As the threat of another cyber-attack seems to be more a matter of when than if, the Bank of England has warned banks to beef up their defenses.
Andrew Wingfield, a London-based partner at law firm, SJ Berwin, said the effect of the exercise will influence future regulation.
"The more immediate result will be to affirm or call into question the UK's position as a safe haven for investment and as a global leader in financial services," he told Reuters.
According to David Emm, senior security researcher at internet security company, Kaspersky Lab, a high level of communication is crucial in the immediate moments following a cyber-attack.
"Businesses must have a plan of action which includes all relevant stakeholders from both internal and external parties,” he told Sky News. "Communication across other sectors can be important as the effects on one company can have far reaching consequences for many others".
While the UK government is serious about the threat of a coordinated cyber-attack on the country’s financial heart, Emm said “more work still needs to be done to help all businesses adopt a more secure mindset, and exercises like this help contribute to this."
Results and recommendations from the test will be released early next year.
The last time such an extensive cyber drill took place was in 2011, when various agencies practiced how they would handle a cyber-attack during the London Olympics.