US and UK banks will this month take part in a major transatlantic cybersecurity exercise to test their readiness to withstand a serious attack on their systems.
Operation Resilient Shield was announced by prime minister David Cameron on his visit to see Barack Obama in January.
It will involve the UK’s biggest banks and test how good they are at responding to cyber attacks designed to steal information and cripple systems, according to The Telegraph.
Unlike previous exercises, such as the Waking Shark operations run successfully in previous years, this one will require banks on either side of the Atlantic to co-ordinate activities.
The national Computer Emergency Response Teams (CERTs) will apparently be tasked with overseeing the program.
It’s thought that Resilient Shield will look to test the lines of communication between the two governments, between the participating banks, and between the governments and the respective banks they regulate.
The Bank of England urged the financial services sector to “improve and test resilience to cyber attack” back in December last year, and has been ramping up the pressure on organizations it feels are still only doing the bare minimum to protect themselves.
Operation Resilient Shield was welcomed by industry experts.
Arbor Networks director of EMEA channels and alliances, Richard Brown, argued that the financial services industry is far too big a target for hackers and too important to the UK economy to ignore.
“A proactive approach to security is the best form of defense, with people and analytics tools being used to actively search for threats, instead of waiting for an event to take place,” he added.
“Any test that focuses organizations on their incident handling processes and communications is a good thing, as the more these are used and tested, the better our people and processes—and thus our defensive capabilities—become.”
David Kennerley, senior manager for threat research at Webroot, argued that the simulation “will give the industry the checks it needs to test the protection and the processes it has in place.”
“Applying gaming principals to security problems is a great way to improve security knowledge across companies through real engagement,” he added. “The bottom line is that the more you practice and prepare for an attack, the better you will respond when encountering the real thing.”
Rob Norris, Fujitsu UK&I director of Enterprise & Cyber Security, claimed that innovation in online and mobile is “creating complex multi-channel IT infrastructures” in banking.
“CIOs in the banking industry are facing an unenviable challenge—securing multi-channel environments while ensuring customer experience does not suffer,” he added.
“What is paramount is that the industry does not overlook or get complacent about security or place it in the ‘too big to fix’ category. As the number of threats continues to increase exponentially—can the industry afford for it not to be the number one priority?”