Cyber Attack ‘War Game’ Tests London Banks

November 13, 2013 by Matt Scuffham and Joshua Franklin

A cyber attack by a foreign government on financial markets played out in one of London’s historic halls on Tuesday in a “war game” simulation designed to test the city’s defenses against online saboteurs.

About 100 bankers, regulators, government officials and market infrastructure providers gathered to take part in an exercise dubbed “Waking Shark II” at Plaisterers’ Hall in the heart of Britain’s financial district.

Regulators and companies are growing increasingly concerned about the threat of cyber crime to the banking system, including the impact of coordinated online assaults or hacking attacks on specific lenders. The Bank of England has told banks to strengthen their defenses against cyber attacks.

One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services.

Tuesday’s five-and-a-half-hour event involved simulations designed to test how well banks and other market players communicate and coordinate with authorities and each other, sources told Reuters.

An industry source who attended said one of the simulations featured a cyber attack by a fake foreign government and a denial-of-service (DOS) attack, which makes network resources unavailable to users.

The source described the test as a “productive exercise” that left participants better equipped to deal with a real-life attack.

The finance ministry, Bank of England and the Financial Conduct Authority said the exercise had been “sustained and intensive.”

“A thorough review of the lessons learned is underway to identify potential improvements to the resilience of the sector,” their joint statement added. A report will be published early in the new year.

Real Challenge

The event, one of the largest of its kind in the world, follows a similar large-scale simulation in New York this year dubbed “Quantum Dawn 2” and comes amid heightened fears over the threat from hacking and cyber attacks.

“This is a good opportunity to iron out any flaws now before our cyber defenses are tested in anger,” said Stephen Bonner, a partner in KPMG’s Information Protection & Business Resilience team.

Richard Horne, a partner at PricewaterhouseCoopers who specializes in cyber security, said the exercise was useful but that the real challenge lay in coordinating across the industry to make sure a crisis scenario is never reached.

“It will take a lot of detailed technical work and testing, coordinated across the industry, to really understand all the interdependencies and develop meaningful containment and recovery plans,” Horne said.

The investment banking industry itself played a key role in coordinating the exercise, along with the Bank of England, the Treasury and the Financial Conduct Authority (FCA), and follows a similar exercise two years ago, the sources said.

Institutions involved in this year’s test included Barclays , BNP Paribas, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank , Euroclear, Goldman Sachs, HSBC, JP Morgan, LCH Clearnet, London Stock Exchange, Morgan Stanley, Nomura, Royal Bank of Scotland , SocGen, SWIFT and UBS, according to a source familiar with the matter.