U.S. & U.K. Banks’ Cybersecurity Capabilities Put to the test
U.S. and U.K. banks will partner this month in a simulated cyber attack designed to test the ability of financial institutions to prevent cyber attacks. British Prime Minister David Cameron announced the project, Operation Resilient Shield, when he visited President Barak Obama in January, according to infosecurity-magazine.com. The Computer Emergency Response Teams (CERTs) will oversee the program.
Cameron and Obama agreed to improve efforts to enhance cybersecurity of both countries and strengthen information sharing on cyber issues, according to BH Consulting, a U.K.-based IT operations consultancy.
Cybersecurity Risk Grows
The joint project is in response to the growing sophistication of cyber attacks. Operation Resilient Shield will test communication among the U.K. and U.S. governments, participating banks and the banks they regulate.
The banks will co-ordinate their activities, unlike earlier exercises such as Waking Shark. In 2013, banks announced the most extensive exercise in response to cyber attacks at the time, according to The Telegraph. Operation Waking Shark 2 consisted of a one-day “war game” simulating a cyber attack on U.K. payments and market systems. Waking Shark 2 followed the first Operation Waking Shark conducted by the now-defunct Financial Services Authority.
ULast December, the Bank of England encouraged the financial services sector to conduct a new test and expressed concern that financial service organizations were not doing enough to prevent cyber attacks.
Report: Cybersecurity Risk Shifting
In July, the Bank of England’s Governor Mike Carney presented a financial stability report that cited risks from various sources, such as the Greek turmoil, slowing emerging economies, cyber attacks and the U.K.s account deficit, according to The Telegraph. He said that while institutions’ resilience has improved, the risks are shifting. He said that while banks have made progress, he is concerned about the rest of the financial system, including asset managers, insurers, hedge funds – counterparties where securities are traded and settled.
Security Experts Applaud The Project
Richard Brown, director of EMEA channels and alliances at Arbor Networks, the Burlington, Mass.-based firm which addresses DDoS attacks and advanced threats, said the financial services industry is too important to the U.K. economy and too significant a target for hackers to ignore the need for better security, according to SC Magazine.
Brown noted that a proactive approach is the best form of defense. He said analytic tools have to be used to search actively for threats rather than waiting to react to an event.
The more processes are tested, the better prepared the processes will be, he noted.
The joint exercise will provide the checks the industry needs to test its processes, added David Kennerley, senior manager for threat research at Webroot, the Broomfield, Colo.-based Internet security firm. The more one practices and prepares for an attack, the better they will respond to a real attack.
Innovation in online and mobile is creating complex, multi-channel IT infrastructures in banking, added Rob Norris, U.K. director of enterprise and cyber-security at Fujitsu. He said banking industry CIOs face the challenge of securing multi-channel environments while maintaining customer experience, an unenviable challenge.
Norris further warned that the industry cannot be complacent about cyber security as threats continue to grow.
Stephen Catlin, the founder of the largest Lloyd’s of London insurer syndicate, said cyber-attacks pose the greatest systemic risk and that only the government can underwrite the dangers.
A survey of clients at the Depository Trust and Clearing Corporation (DTCC) last year found that a third ranked cyber-crime as the top systemic risk to the broader economy, which was up from less than a quarter the prior year, according to Interquest Group, a London-based provider of digital and web technologies, analytics and IT services.