UK banks have taken part in an exercise designed to test their defences against a possible cyber attack. The tests also examined how financial institutions would cope if there was a major disruption to the transport infrastructure during the London 2012 Olympic Games.
In total 87 banks, including Barclays, HSBC, Lloyds, and Royal Bank of Scotland, took part in the test. The mock cyber attack was designed to test how well telecommunications and Internet services would stand up in the face of a massive online attack.
The scenarios played out included what would happen if an attack took cash machines out of service.
"We have designed a scenario that will test the ability of participants to respond to a concerted cyber attack on the financial sector," said the FSA in a statement. "Thus, there is a strong focus upon dependencies on telecommunications and the internet as well as managing the return to business as usual."
Sian John, UK Security Strategist at Symantec, said that the exercise was very encouraging, as it shows financial institutions are putting security at the top of the agenda.
"Often you see security being considered at the last minute rather than being engineered into projects and infrastructures from day one so it’s very encouraging to see an important sector like this taking part in preventative measures," she said.
"Threats are becoming increasingly targeted and focused on accessing information that can be used for malicious gain or sold on via underground markets," she added. "An exercise like this will demonstrate exactly how robust their systems are and where the vulnerabilities lie. It may mean they need to reconsider back up sites for example or rethink security altogether – whatever the results it’s a nice illustration that financial institutions are proactively looking to manage risk."
An Exercise Report will be published early next year discussing the results of the test, alongside a Post Exercise Conference, the FSA said.
London 2012 Gerry Pennell recently said it would be very difficult to launch a successful cyber attack on the Games themselves, due to the way his team had built the tech infrastructure.
"We will be using a content distribution network to push data out, which means our dependency on a central host architecture is much lower. What that means is that it is very hard to launch a distributed denial of service attack (DDoS), simply because our front-end is so dispersed," he said.
"We designed our approach to information security into our architecture from the beginning," Pennell continued. "We keep mission-critical Games systems, such as anything to do with distributing results, quite insulated from other components of the network, particularly anything web-facing, thus making it extremely hard for an external attack to succeed."
This article is from the CBROnline archive: some formatting and images may not be present.