UK banks stress-test cyber-defences

The Treasury, the Bank of England and the Financial Services Authority have put banking systems under simulated cyberattack to test their defences in the run-up to the London Olympics in 2012.

The Bank of England and other financial bodies have participated in a tabletop-based test of banking cyber-defences. Photo credit: James Stringer/Flickr

The tabletop simulation on Tuesday tested how telecommunications, the internet, and wholesale and retail payment systems would hold up in the face of a large onslaught, according to a spokesman for the FSA, which regulates financial institutions.

"This is about how firms deal with major disruptions," the spokesman told ZDNet UK. "It will test dependencies on telecommunications and the internet, so what happens if you suddenly find that the payments systems go down; what happens if there are problems with the internet, and how firms cope with that; but also focus on managing the return to day-to-day business."

A number of governments have tested responses to cyberattack, amid a growing concern about the effects of a successful attempt on critical national infrastructure. Earlier this month, European member states and the US teamed up to put cyber-defences to the test, and in November 2010, Europe checked out its cyber-defences in an exercise that mimicked a gradual loss of internet connectivity.

The exercise on Tuesday brought 87 organisations around a table to stress-test their communications links, crisis management and response. The scenario included a backdrop where large numbers of staff had been delayed in getting into work due to transport disruption caused by the 2012 Olympics.

Participants included hedge funds and major retail banks such as HSBC, which confirmed it was taking part. All of the organisations paid £7,000 each for a seat at the table, the FSA spokesman said. Companies outside the immediate sphere of the test, such as Transport for London and the London Internet Exchange (Linx), were not involved.

The simulation was called the 'market-wide exercise' (MWE), according to an FSA note. UK financial authorities developed the MWE in conjunction with "a wide range of sector representatives and industry experts". The simulation called for responses in worsening circumstances.

In all, around 5,000 people were involved in the exercise, according to a Treasury spokesman.

"The Treasury's role in this is to respond as we would to a real-life scenario," the spokesman told ZDNet UK. "So, [for example] we are updating Number 10 and the Cabinet Office exactly as the Treasury would do."

The Treasury was involved as part of ongoing contingency planning, the spokesman added. The Cabinet Office leads the UK government response to cyberattack, which is co-ordinated by the Office of Cyber Security and Information Assurance (Ocsia).

The last MWE, held in 2009, checked out responses to severe weather and attendant transport and telecommunications failures, according to a report on that exercise. The report for the 2011 MWE is scheduled for publication in the first quarter of 2012, according to the FSA.