The Bank of England recently ran a three-day cyber attack exercise on the British financial system. The attack, which was aimed at increasing knowledge of security flaws in online banking systems, revealed serious problems in the security systems used by some of the country’s largest financial services companies.
Recent publications from the Bank of England stated that the country’s financial system has made “considering progress” since a similar exercise was carried out, but that a single body is required to ensure communications between banks and government agencies are coordinated in the event of a future security breach.
Experts have recommended the British Bankers’ Association as an industry body that could coordinate communications in the financial system. The BBA would be required to oversee the banking industry’s response to a serious breach of online security systems if a disruption attack occurred.
The Bank of England’s report noted that there was “no central industry coordination for financial sector information-sharing and communication to the wider public.” In the recent operation, named Walking Shark II by the bank, experts assessed the UK banking industry’s readiness to handle an international cyber attack.
Operation Walking Shark II involved three-day denial of service attacks on many of Britain’s leading banks. Hackers were also able to penetrate secure networks and cause issues with core payment systems and user accounts. The simulated attack was timed to coincide with the expiration of important stock options.
Due to the issues in banking industry security highlighted by the exercise, the Bank of England plans to conduct several further simulated attacks in the future. Experts believe that threats to the UK banking system are most likely to come from abroad, and that widening the scope of military war games to target financial attacks could be an effective strategy in combating cyber warfare.