The British financial system was recently subjected to a simulated cyber attack and while banks showed “considerable progress” they also showed a noticeable lack of knowledge when it comes to reporting security breaches.
This latest exercise was orchestrated by Bank of England (BOE) to test the levels of readiness to cope in the event of a real life situation. The Bank’s conclusion in its report was that lot of work still needs to be done.
It was also noted that a single body is required to head up communications between banks and legal authorities. None has been appointed so far, but the British Bankers’ Association (BBA) has been put forth as a possible contender for the role.
If handed the role, the BBA would manage the response of the banking industry if it were hit by a sustained and widespread attempt to disrupt the financial system.
“It was noted that there was no central industry coordination for financial sector information – sharing and communication to the wider public,” the Bank noted in its report.
In 2013 the Bank ran Operation Waking Shark II to test UK’s financial infrastructure in the event of an all-out coordinated cyber attack on institutions in the system. The scenario revolved around three days of sustained attacks, including denial of service attacks on global websites of major banks.
To give the exercise a sense of realism it was launched to coincide with the so-called “triple-witching” period during which important financial contracts such as index futures and stock options expire.
More than 200 people took part in these war games, which included 14 investment banks and major lenders, six providers of infrastructure, as well as representatives of the BOE, the Prudential Regulation Authority, the Financial Conduct Authority and the Treasury.
The first Operation Waking Shark was in 2011 and focused on cyber threats. Banks and financial institutions have had to learn quickly to respond to cyber attacks, but as there’s still ways to go before security and communication levels are up to par, regulators will organize shorter but more frequent war games.
Cyber attacks have been identified as one of the biggest problems for the banking industry and major financial services groups are tested for weaknesses regularly from a variety of sources, including both criminal gangs and foreign governments.
Most of these attacks are still relatively limited in scope and scale, but some have led to serious security breaches and collapse of core systems.