View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 23, 2011

UK banks stress test defences against cyber attack

Traffic infrastructure disruption during the London 2012 Olympics also examined

By Steve Evans

UK banks have taken part in an exercise designed to test their defences against a possible cyber attack. The tests also examined how financial institutions would cope if there was a major disruption to the transport infrastructure during the London 2012 Olympic Games.

In total 87 banks, including Barclays, HSBC, Lloyds, and Royal Bank of Scotland, took part in the test. The mock cyber attack was designed to test how well telecommunications and Internet services would stand up in the face of a massive online attack.

The scenarios played out included what would happen if an attack took cash machines out of service.

"We have designed a scenario that will test the ability of participants to respond to a concerted cyber attack on the financial sector," said the FSA in a statement. "Thus, there is a strong focus upon dependencies on telecommunications and the internet as well as managing the return to business as usual."

Sian John, UK Security Strategist at Symantec, said that the exercise was very encouraging, as it shows financial institutions are putting security at the top of the agenda.

"Often you see security being considered at the last minute rather than being engineered into projects and infrastructures from day one so it’s very encouraging to see an important sector like this taking part in preventative measures," she said.

"Threats are becoming increasingly targeted and focused on accessing information that can be used for malicious gain or sold on via underground markets," she added. "An exercise like this will demonstrate exactly how robust their systems are and where the vulnerabilities lie. It may mean they need to reconsider back up sites for example or rethink security altogether – whatever the results it’s a nice illustration that financial institutions are proactively looking to manage risk."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

An Exercise Report will be published early next year discussing the results of the test, alongside a Post Exercise Conference, the FSA said.

London 2012 Gerry Pennell recently said it would be very difficult to launch a successful cyber attack on the Games themselves, due to the way his team had built the tech infrastructure.

"We will be using a content distribution network to push data out, which means our dependency on a central host architecture is much lower. What that means is that it is very hard to launch a distributed denial of service attack (DDoS), simply because our front-end is so dispersed," he said.

"We designed our approach to information security into our architecture from the beginning," Pennell continued. "We keep mission-critical Games systems, such as anything to do with distributing results, quite insulated from other components of the network, particularly anything web-facing, thus making it extremely hard for an external attack to succeed."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.