UK BANKS are taking part in a cyber attack simulation today, which will test how well prepared they are and how quickly they can return to normal operations.
The Market-wide Exercise is a test cyber attack scenario involving 87 financial authorities across the UK designed to simulate the potential disruption that could be caused by an attack.
The aim of the exercise is to explore the dependency of the financial sector on telecommunications and the internet and to help get banks back to business in the event of an attack. It will also analyse transport disruption relating to the upcoming 2012 Olympics, a time when law enforcement and security agencies will be on high alert.
Instead of focusing on crisis management and releasing the scenario at the last minute, which would put immense pressure on financial institutions, the scenario was given to participants in advance so that they could better prepare for today's exercise. The flaw with this, however, is that hackers and cyber criminals will not be kind enough to reveal their plans in advance, and thus true readiness for an attack might suffer as a result.
Once the exercise is completed the Financial Sector Continuity Group will analyse what happened and identify a number of key lessons that need to be learned. These will likely involve planning, communications, backup systems, and an emphasis on implementing more secure technology, which is an ever changing reality.
"It is very pleasing to see the financial sector taking the threat of cyber attack so seriously and we hope that other sectors will follow suit," said Henry Harrison, technical director at intelligence security firm BAE Systems Detica. "The key to this sort of exercise is using sufficiently representative scenarios. This is as true for cyber attack scenarios as for financial disaster scenarios - while it is simple to imagine situations such as a total loss of communications, realistic scenarios should also include the loss of confidence in the integrity of data or key systems, or indeed the loss of confidence in the confidentiality of communications between different players in the system."
The INQUIRER spoke with Joseph Eyre, manager of media relations at the Financial Services Authority about the exercise. He told us it began at 8am today and will end some time this afternoon, probably around 4pm. He said the aim is to improve resilience and planning in the financial sector, but added that there won't be a pass or fail grade for participants.
When pressed about how well prepared the UK is for an attack on its financial institutions he said, "One would think they're pretty well prepared," but was not sure. He was also uncertain about the likelihood of an attack, but cited "growing industry concerns regarding the increasing frequency of attacks", suggesting it is a significant threat.
A Post Exercise Conference will be held in the first quarter of 2012. An Exercise Report will also be released at that time. µ
Sign up for INQbot – a weekly roundup of the best from the INQ