Britain’s banks and financial firms are taking part in a major cyber “war game” exercise today to test their defences against the mounting threat of online attack.
The simulation – dubbed Waking Shark II – is set to be one of the largest of its kind in the world, involving teams of staff from dozens of banks and other City institutions and overseen by officials from the Bank of England, the Treasury and Financial Conduct Authority.
Details of the exercise have been kept under wraps, but it is expected to concentrate on how banks cope with a sustained attack, in particular focusing on investment banking systems, such as clearing and risk management tools.
Credit Suisse is understood to have designed a scenario that will mimic a real-time threat, with firms hit by a barrage of announcements and attacks on computer systems, also involving social media.
It is thought the test will be co-ordinated from one room, with staff from financial firms interacting with each other, Government officials and regulators as the crisis unfolds.
But teams of staff across the offices of financial firms are also expected to take part as the exercise plays out.
It comes amid growing fears over internet attacks and the ability of the UK banking system to protect itself.
The Bank of England’s Financial Policy Committee (FPC) warned recently that there were a number of “potential vulnerabilities” in the system and called on financial institutions – including the Bank – to draw up plans for protection as a priority.
The UK’s banking sector is particularly at risk due to old and complex IT systems, as well as a high degree of interconnectedness and its reliance on centralised infrastructure, such as payment systems and clearing houses.
The last cyber threat exercise – the original Operation Waking Shark – is thought to have taken place in 2011 under the watch of the former Financial Services Authority, testing responses to an attack at a time of increased demand, then using the London Olympics as a scenario.
Andrew Wingfield, partner at law firm King & Wood Mallesons SJ Berwin, welcomed a “proactive” test on the resilience of bank security infrastructure.
He said the risk of online attacks was increasing as customers move from traditional banking services to technology, data, communications and social media services.