05 February 2014
The Bank of England (BoE) has published the findings of a cyber-resilience report – Waking Shark II exercise – which tested the wholesale banking sector’s response to a sustained and intensive cyber-attack.
The exercise supports the recommendation by the Financial Policy Committee to improve and test resilience against cyber-attacks. The report shows that considerable progress has been made since the previous exercises in 2011 and highlights areas which could be further improved.
Issues for consideration that did come forward as a result of the exercise include communication within the financial sector; regulatory engagement; usage of the CISP platform; and engagement with law enforcement.
Recommendations that were made to address the points raised include considering a single coordination body from industry to manage financial sector communication during an incident; reinforcing awareness and need for firms to report incidents to regulators; continued enhancement of CISP platform between firms and government partners; and finally, reinforcing importance of reporting incidents to law enforcement authorities.
Waking Shark II was organised by the Securities Industry Business Continuity Management Group which drew on extensive cyber expertise to design a scenario in which a cyber-attack caused disruption to wholesale markets and the financial infrastructure supporting those markets. It involved participants from investment banks, financial market infrastructure, the financial authorities and the relevant government agencies. The exercise tested the communication between firms and the authorities, and aimed to improve understanding of the impact of a cyber-attack on the participants and wider financial sector.
The Bank of England and other financial authorities will continue to work with the sector to test collective resilience to cyber-attack as part of its ongoing programme of work.