Cyber attack "war game" tests London banks


* Exercise involved "fake foreign government attack"-source

* Also involved "denial of service attack" - source

* Event dubbed "Waking Shark II"

* Bank of England has told banks to strengthen defences

By Matt Scuffham and Joshua Franklin

LONDON, Nov 12 (Reuters) - A cyber attack by a foreigngovernment on financial markets played out in one of London'shistoric halls on Tuesday in a "war game" simulation designed totest the City's defences against online saboteurs.

About 100 bankers, regulators, government officials andmarket infrastructure providers gathered to take part in aexercise dubbed "Waking Shark II" at Plaisterers' Hall in theheart of Britain's financial district.

Regulators and companies are growing increasingly concernedabout the threat of cyber crime to the banking system, includingthe impact of coordinated online assaults or hacking attacks onspecific lenders. The Bank of England has told banks tostrengthen their defences against cyber attacks.

One unidentified London-listed company incurred losses of800 million pounds ($1.3 billion) in a cyber attack severalyears ago, according to British security services.

Tuesday's five and a half hour event ran from 1200 GMT andinvolved simulations designed to test how well banks and othermarket players communicate and coordinate with authorities andeach other, sources told Reuters.

An industry source who attended said one of the simulationsfeatured a cyber attack by a fake foreign government and adenial-of-service (DOS) attack, which makes network resourcesunavailable to users.

The source described the test as a "productive exercise"which left participants better equipped to deal with a real-lifeattack.

The finance ministry, Bank of England and the FinancialConduct Authority said the exercise had been "sustained andintensive".

"A thorough review of the lessons learned is underway toidentify potential improvements to the resilience of thesector," their joint statement added. A report will be publishedearly in the new year.


The event, one of the largest of its kind in the world,follows a similar large-scale simulation in New York this yeardubbed "Quantum Dawn 2" and comes amid heightened fears over thethreat from hacking and cyber attacks.

"This is a good opportunity to iron out any flaws now beforeour cyber defences are tested in anger," said Stephen Bonner, apartner in KPMG's Information Protection & Business Resilienceteam.

Richard Horne, a partner at PricewaterhouseCoopers whospecialises in cyber security, said the exercise was useful butthe real challenge lay in co-ordinating across the industry tomake sure a crisis scenario is never reached.

"It will take a lot of detailed technical work and testing,coordinated across the industry, to really understand all theinterdependencies and develop meaningful containment andrecovery plans," Horne said.

The investment banking industry itself played a key role inco-ordinating the exercise, along with the Bank of England, theTreasury and the Financial Conduct Authority (FCA) and follows asimilar exercise two years ago, the sources said.

Institutions involved in this year's test included Barclays, BNP Paribas, Bank of America, CHAPS,Commerzbank, Credit Suisse, Deutsche Bank, Euroclear, Goldman Sachs, HSBC, JPMorgan, LCH Clearnet, London Stock Exchange,Morgan Stanley, Nomura, Royal Bank of Scotland, SocGen, SWIFT and UBS, according toa source familiar with the matter.

View Comments (0)