City firms found failing in the battle against attack from cyber sharks
Bank of England's Waking Shark II exercise reveals that police have to be called in faster
Thursday 06 February 2014
City firms have been told that they need to act more quickly and report to regulators in more detail if they become subject to cyber-attacks from criminal gangs, terrorists or hostile countries.
The Bank of England, which conducted a massive simulation exercise called Waking Shark II, representing a three-day attack on the City back in November, said this had shown that banks had made considerable progress in the last two years, but more could still be done.
The detailed review of the Waking Shark II exercise was revealed as the Business Secretary, Vince Cable, hosted a summit of regulators for the financial, water, energy, communications and transport sectors with ministers and top officials from the security and intelligence agencies, to discuss working in partnership to address cyber threats to the UK's essential services.
Waking Shark II, held on a single day in a City livery hall, simulated a three-day concerted cyber-attack on the UK's financial system by a hostile state. It was aimed at the wholesale areas of the market and was designed so that the third day included the "triple witching" when stock options and futures all expire at the same time.
The exercise included denial-of-service attacks on firms' websites, attacks on their networks and problems with closing share prices, bond clearing and payment instructions.
Andrew Bailey, a deputy governor of the Bank of England and the head of the Prudential Regulation Authority, said: "It is essential for financial stability that the UK financial system and its infrastructure continues to work towards improving its ability to withstand cyber-attacks."
The Bank of England said that Waking Shark II had worked, but that it would now consider creating a single co-ordinating body across the financial industry to manage how banks, firms and regulators communicate with each other in a cyber-attack crisis.
It said that it would look at strengthening the Cyber Security Information Sharing Partnership, set up in March last year, which connects firms and government agencies.
This partnership is complemented by a "Fusion Cell" supported on the Government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors.
The Bank also warned banks and firms that they needed to be much faster in reporting criminal attacks to the police and, if necessary, other law enforcement agencies.
It said that it would also make it clearer to firms which are regulated by both the PRA and the Financial Conduct Authority how and to whom they should report incidents.
Mr Bailey said: "The role that regulators such as the Bank of England and Ofcom are already taking to embed cyber security in their sectors is vital, as set out in a joint communiqué outlining steps that government and regulators agree to undertake to help manage cyber risk across each sector."
Mr Cable said: "Cyber-attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives."
The Bank said there was demand for "further and more challenging" exercises including extending simulated cyber-attacks to firms' retail businesses.
Diving in at the deep end is no excuse for shirking the style stakes
- 1 Why I'm on the brink of burning my Israeli passport
- 2 Comfortable in their own skin
- 3 Japanese plant experts produce 10,000 lettuce heads a day in LED-lit indoor farm
- 4 War is war: Why I stand with Israel
- 5 L'Oreal cuts ties with Belgium supporter Axelle Despiegelaere after hunting trip photographs
Israel-Gaza conflict: Death toll tops 125 after overnight raids as Operation Protective Edge continues
Game of Thrones author George RR Martin says 'f*** you' to fans who fear he will die before finishing Westeros saga
Ian Thorpe gay: Olympic swimmer comes out in Parkinson interview
Supermoon 2014: When and why will the moon look bigger and brighter this summer?
Gaza-Israel conflict: Pro-Palestinian demonstrators take to streets of London, Paris and New York in wave of protests
Sustained immigration has not harmed Britons' employment, say government advisers
War is war: Why I stand with Israel
7/7 memorial defaced on anniversary of 2005 attacks with ‘Blair lied thousands died’ graffiti
Australia facing international condemnation after turning around Sri Lankans at sea
Even when it brutalises one of its own teenage citizens, America is helpless against Israel
Socialist Worker called to apologise over ‘vile’ article saying Eton schoolboy Horatio Chapple's death is ‘reason to save the polar bears’
iJobs Money & Business
£70000 per annum: Harrington Starr: Information Security Manager (ISO 27001, A...
£75000 - £85000 per annum + ex bens: Deerfoot IT Resources Limited: Biztalk Te...
£60000 per annum: Harrington Starr: Trade Desk Specialist (FIX, Linux, Windows...
£35000 per annum: Harrington Starr: Service Desk Analyst (Windows, Active Dire...