City firms found failing in the battle against attack from cyber sharks
Bank of England's Waking Shark II exercise reveals that police have to be called in faster
Thursday 06 February 2014
City firms have been told that they need to act more quickly and report to regulators in more detail if they become subject to cyber-attacks from criminal gangs, terrorists or hostile countries.
The Bank of England, which conducted a massive simulation exercise called Waking Shark II, representing a three-day attack on the City back in November, said this had shown that banks had made considerable progress in the last two years, but more could still be done.
The detailed review of the Waking Shark II exercise was revealed as the Business Secretary, Vince Cable, hosted a summit of regulators for the financial, water, energy, communications and transport sectors with ministers and top officials from the security and intelligence agencies, to discuss working in partnership to address cyber threats to the UK's essential services.
Waking Shark II, held on a single day in a City livery hall, simulated a three-day concerted cyber-attack on the UK's financial system by a hostile state. It was aimed at the wholesale areas of the market and was designed so that the third day included the "triple witching" when stock options and futures all expire at the same time.
The exercise included denial-of-service attacks on firms' websites, attacks on their networks and problems with closing share prices, bond clearing and payment instructions.
Andrew Bailey, a deputy governor of the Bank of England and the head of the Prudential Regulation Authority, said: "It is essential for financial stability that the UK financial system and its infrastructure continues to work towards improving its ability to withstand cyber-attacks."
The Bank of England said that Waking Shark II had worked, but that it would now consider creating a single co-ordinating body across the financial industry to manage how banks, firms and regulators communicate with each other in a cyber-attack crisis.
It said that it would look at strengthening the Cyber Security Information Sharing Partnership, set up in March last year, which connects firms and government agencies.
This partnership is complemented by a "Fusion Cell" supported on the Government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors.
The Bank also warned banks and firms that they needed to be much faster in reporting criminal attacks to the police and, if necessary, other law enforcement agencies.
It said that it would also make it clearer to firms which are regulated by both the PRA and the Financial Conduct Authority how and to whom they should report incidents.
Mr Bailey said: "The role that regulators such as the Bank of England and Ofcom are already taking to embed cyber security in their sectors is vital, as set out in a joint communiqué outlining steps that government and regulators agree to undertake to help manage cyber risk across each sector."
Mr Cable said: "Cyber-attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives."
The Bank said there was demand for "further and more challenging" exercises including extending simulated cyber-attacks to firms' retail businesses.
- 1 Double chins could be 'cured' without surgery or dieting using new injection
- 2 The BBC has just done more to eradicate ‘terrorism’ than all our wars since 9/11
- 3 Christian blogger says she will not wear leggings in public because they entice men and cause them to look at her 'lustfully'
- 4 Thank heavens for Louise Mensch and her foul-mouthed tweets to world leaders
- 5 Saudi preacher who 'raped and tortured' his five -year-old daughter to death is released after paying 'blood money'
'We would evict Queen from Buckingham Palace and allocate her council house,' say Greens
French court convicts three over homophobic tweets, in case hailed as a 'significant victory' by LGBT rights campaigners
Greece elections: Syriza and EU on collision course after election win for left-wing party
British Muslim school children suffering a backlash of abuse following Paris attacks
British grandmother Lindsay Sandiford faces execution by firing squad in Indonesia
Louise Mensch says 'F**K YOU' in explosive tweets about David Cameron, Saudi Embassy and the Queen over King Abdullah tributes
iJobs Money & Business
£16500 - £16640 per annum: Recruitment Genius: This fast growing Finance compa...
£30000 - £32000 per annum + benefits : Ashdown Group: A highly successful, int...
£18000 - £20000 per annum: Recruitment Genius: This rapidly expanding business...
£25 - 28k + Bonus: Guru Careers: An In-house / Internal Recruiter is needed to...