London banks run Waking Shark cyber warfare game

Around 100 financial institutions in London took part in a wide scale exercise created to test the city's cyber security readiness.

Dubbed Waking Shark II, the simulated attacks carried on for more than five hours and were supervised by a number of UK entities, including the Financial Conduct Authority (FCA), the Bank of England, and the country's Treasury department.

Some banks and financial organisations that participated included, Barclays, Morgan Stanley, Bank of America, Goldman Sachs, HSBC, JP Morgan, the London Stock Exchange and Royal Bank of Scotland, Reuters reported.

Attack exercises were meant to test the resilience and response of the city's financial market, and entailed fake foreign government and denial-of-service attacks, among other war games, the outlet revealed.

The event, in its second year in the UK, is comparable to “Quantum Dawn,” a similar simulated attack in the US and Cyber Storm in Australia.

Last month, the Securities Industry and Financial Markets Association (SIFMA) released the results of the Quantum Dawn 2 trial run attacks, which occurred on July 18 in the U.S.

Deloitte & Touche co-authored the 11- page report.

Areas where participating firms needed to improve their procedures were highlighted, as well as recommendations to address the weak points.

Proposed improvements included, institutionalizing procedures to determine if financial markets should remain open or close in the wake of systemic cyber attacks; updating sector-wide incidence response between government agencies and financial organizations; and formalizing communications protocols with the public when responding to attacks.

American Bankers Association vice president Doug Johnson said the exercises provide an “extremely valuable” lesson in cyber readiness for banks.

He also added that the tests should grow to become more efficient, as the institutions participating in the simulated attacks are also meant to.

“We get better every time we do one of these [exercises],” Johnson said, later adding that “it's also important that we, not only continue to refine the tests, but that we also take action on the lessons learned.”

Gartner vice president Avivah Litan who specialises in fraud prevention in the banking sector, the exercises were crucial in that give organizations "a chance to test out their organizational preparedness."

"It's one thing to have all these processes documented – it's another to test them out and make sure they work," Litan wrote. "It's a lot like a fire drill. You can tell people which exits to take when, but unless you practice, people get confused when the emergency hits."

This article originally appeared at scmagazineus.com