Skip to main content

Operation Waking Shark 2: UK banks simulate massive cyber ‘war game’

A large-scale exercise to test the ability of UK financial organisations to deal with a potential cyber-attack is underway today.

The focus of the operation, dubbed 'Waking Shark 2', will be on investment banking operations but it will also deal with the availability of cash from ATM machines and a potential liquidity squeeze in the wholesale market, as well as the fall out on social media.

The exercise is expected to be one of the largest of its kind and will be coordinated by the Bank of England, the Treasury, the Financial Conduct Authority, as well as staff from high street banks and financial service providers.

"It is great to see financial institutions taking cyber security so seriously and actively encouraging organisations to take a proactive approach to tackling potential cyber threats," said John Yeo, EMEA director at security firm Trustwave.

Yeo claims the majority of breaches to organisations go unnoticed for many months. The 2013 Trustwave Global Security Report revealed that in 2012 it took on average 210 days for an attack to be realised.

"It is crucial that businesses have the proper security controls in place," Yeo said. "So that they can not only help prevent an attack but also, if an attack occurs, they can identify it and respond in an appropriate and measured manner."

In September, Barclays bank was the victim of a £1.3 million cyber robbery that was carried out using a device to remotely access their internal network of computers.

Andrew Miller, COO at Corero Network Security, has argued that one of the most important aspects of the cyber security stress test is in fact the cooperation between banks.

"I think one of the biggest benefits we will see from Operation Waking Shark is not necessarily about banks learning to defend against cyber-attacks, but learning to cooperate," Miller said. "I personally believe that there needs to be more information sharing within financial organisations on the latest threats and attacks they are facing so they can develop a knowledge pool on how to protect against them."