‘Waking Shark II’: Cyber-attack tests London banks 

12 Nov, 2013 17:25 / Updated 11 years ago

A simulated cyber-attack on financial markets, codenamed “Waking Shark II,” took place in London on Tuesday to determine how well the City would respond to a large-scale disruption of Internet services.

Hundreds of employees from London’s financial sector participated in the drill, led by a team from Credit Suisse, who created a ‘war game’ scenario to be given to the participants in stages.

The five and a half hour simulation measured the City’s level of preparedness in handling a major cyber-attack on computer systems targeting stock markets and rippling through social media, sources told Reuters. The cyber ‘war games,’ allowed the various agencies to determine how well banks and companies “communicate and coordinate with authorities and each other.” 

One of the attacks simulated a denial-of-service (DOS) attack from a fictitious foreign government. The attack made the network inaccessible to its users. Sources told the agency that it was productive and rendered them better equipped with the tools to face an attack in real-time. 

Others said that there was still a great deal of work to be done. "It will take a lot of detailed technical work and testing, coordinated across the industry, to really understand all the interdependencies and develop meaningful containment and recovery plans," said Richard Horne, a partner at PricewaterhouseCoopers.

“Waking Shark II” was supervised by officials from the Bank of England, Treasury and Financial Conduct Authority, as well as British cyber agencies. A number of financial institutions participated in this year's test, including Barclays, BNP, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank , Euroclear, Goldman Sachs, HSBC and JP Morgan.

The cyber drill, which follows a simulation held in New York this year, dubbed "Quantum Dawn 2," was intended to help security experts and fall-back programmers to make rapid decisions and communicate effectively with their industry colleagues at a moment of extreme stress where every second counts.

One unnamed London-listed company suffered losses of 800 million pounds ($1.29 billion) in a cyber-attack several years ago, British security services revealed in a Sky News report.

The threat of another cyber-attack seems to be more a matter of 'when' rather than 'if', leading the Bank of England to issue warnings to banks to beef up their defenses.

Andrew Wingfield, a London-based partner at law firm, SJ Berwin, said that the effect of the exercise will influence future regulation.

"The more immediate result will be to affirm or call into question the UK's position as a safe haven for investment and as a global leader in financial services," he told Reuters.

According to David Emm, senior security researcher at internet security company, Kaspersky Lab, a high level of communication is crucial in the immediate moments following a cyber-attack.

"Businesses must have a plan of action which includes all relevant stakeholders from both internal and external parties,” he told Sky News. "Communication across other sectors can be important as the effects on one company can have far reaching consequences for many others".

While the UK government is serious about the threat of a coordinated cyber-attack on the country’s financial heart, Emm said “more work still needs to be done to help all businesses adopt a more secure mindset, and exercises like this help contribute to this."

Results and recommendations from the test will be released early next year.

The last time such an extensive cyber drill took place was in 2011, when various agencies practiced how they would handle a cyber-attack during the London Olympics.