UK and US to stress test the financial system under cyber security attack

How Britain’s financial system would cope under a sustained cyber attack is to be tested.

Dubbed by some as a ‘war gaming’ the UK and US Governments are to test communications between each other and between governments and the financial sector in the event of a major cyber attack.

The operation is the first action following an agreement between the UK and the US to co-operate further to protect national infrastructure from cyber attacks which was struck between President Obama and Prime Minister David Cameron in January.

The countries decided the financial sector would be made a priority.

A report in the Sunday Times described an operation between the Bank of England and the US Federal Reserve which had the working title Resilient Shield.

But the UK National Computer Emergency Response Team (CERT), who will be co-ordinating the exercise, said the planned testing did not amount to a war game.

A CERT spokesperson said that it was not a war game, and will not include live play, or seek to test the finance sector on detailed sector issues, although it will test communication and co-ordination links.

Instead the exercise will test "government-to-government, government-to-sector, and high level sector-to-sector links; include a series of activities, including table-top exercises and communications checks; focus on communication and co-ordination mechanisms across government and the finance sector; test real time sharing of information."

The U.S. Computer Emergency Readiness Team (US-CERT) is named as a key operator on the US side in the January agreement.

A formal announcement is expected this week, with the operation taking place this month.

Andrew Silvester, head of campaigns at the Institute of Directors, whose membership includes CIOs said: "It’s absolutely crucial that we have a joined up approach to tackling cybercrime across government, institutions and businesses and exercises like this will be crucial to ensuring that our defences are suitably robust."

Two years ago, the Bank of England ran a cyber security exercise called Waking Shark II.

Rob Norris, director enterprise and cyber security, UK & Ireland, at Fujitsu, said: "CIOs in the banking industry are facing an unenviable challenge – securing multi-channel environments while ensuring customer experience does not suffer. What is paramount is that the industry does not overlook or get complacent about security or place it in the "too big to fix" category."

Richard Brown, director at cyber security firm Arbor Networks, said: "The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks."