View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 2, 2015

UK and US to stress test the financial system under cyber security attack

News: Would comms cope when the financial services sector comes under sustained attack

By Charlotte Henry

How Britain’s financial system would cope under a sustained cyber attack is to be tested.

Dubbed by some as a ‘war gaming’ the UK and US Governments are to test communications between each other and between governments and the financial sector in the event of a major cyber attack.

The operation is the first action following an agreement between the UK and the US to co-operate further to protect national infrastructure from cyber attacks which was struck between President Obama and Prime Minister David Cameron in January.

The countries decided the financial sector would be made a priority.

A report in the Sunday Times described an operation between the Bank of England and the US Federal Reserve which had the working title Resilient Shield.

But the UK National Computer Emergency Response Team (CERT), who will be co-ordinating the exercise, said the planned testing did not amount to a war game.

A CERT spokesperson said that it was not a war game, and will not include live play, or seek to test the finance sector on detailed sector issues, although it will test communication and co-ordination links.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Instead the exercise will test "government-to-government, government-to-sector, and high level sector-to-sector links; include a series of activities, including table-top exercises and communications checks; focus on communication and co-ordination mechanisms across government and the finance sector; test real time sharing of information."

The U.S. Computer Emergency Readiness Team (US-CERT) is named as a key operator on the US side in the January agreement.

A formal announcement is expected this week, with the operation taking place this month.

Andrew Silvester, head of campaigns at the Institute of Directors, whose membership includes CIOs said: "It’s absolutely crucial that we have a joined up approach to tackling cybercrime across government, institutions and businesses and exercises like this will be crucial to ensuring that our defences are suitably robust."

Two years ago, the Bank of England ran a cyber security exercise called Waking Shark II.

Rob Norris, director enterprise and cyber security, UK & Ireland, at Fujitsu, said: "CIOs in the banking industry are facing an unenviable challenge – securing multi-channel environments while ensuring customer experience does not suffer. What is paramount is that the industry does not overlook or get complacent about security or place it in the "too big to fix" category."

Richard Brown, director at cyber security firm Arbor Networks, said: "The financial services industry is a critical part of the UK economy and has always been a lucrative target for attackers because of the sheer value of the data held within it – after cloud and hosting providers, financial services are the most common target for DDoS attacks."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.