British Bankers Have Been Playing Cyber War Games All Day

Bankers across London have been freaking out all day over a major cyber attack against their computer systems. But don’t worry—it’s just a drill.

Financial regulators and government officials coordinated a simulation cyber attack to test UK banks’ readiness in the event of a real cyber war scenario. The operation goes by the suitably ominous moniker “Waking Shark II” and is similar to the cyber war games that went down on Wall Street earlier this year (which also sounded like a video game: “Quantum Dawn 2”). As early as last week, Reuters was reporting that the UK exercise would run today, November 12, but details have been kept on the down-low. After all, it wouldn’t be very realistic if people knew what to expect, now would it?

Anyway, what we do know is bank staff will have been racing to resolve a series of challenges consistent with a major hacking threat. According to the Reuters report, which cites “people familiar with the matter,” these could include everyday activities like making sure cash is available to customers using ATMs, and broader problems such as coping with a liquidity freeze in the wholesale market. It's sure to have tested bankers’ nerves, and their ability to cope in a crisis.

The first Waking Shark simulation took place in March 2011, and found that communication wasn’t great between companies when it came to IT issues. A report on the exercise said financial firms were good at discussing the business impacts of the cyber attack, but that “respondents thought the exercise highlighted the lack of cross-firm communications structures in the IT/Security field.” Communication was also highlighted as a weak area in the US Quantum Dawn 2 simulation.

Today’s Waking Shark II operation is being overseen by the Bank of England, the Treasury, and Financial Conduct Authority (FCA), and a report is expected to be released in early 2014.

While it might all be fun and games for now, the cybersecurity of financial institutions is a serious business. Just this September, a gang of eight people hacked into computers at a London Barclays Bank branch and managed to steal a reported £1.3 million before being caught. In that instance, one of the hackers plugged a device into a bank computer while pretending to be an IT engineer.

Some experts have criticised the Waking Shark II operation for focusing too much on the purely digital side of attacks and not on scenarios where physical devices might play a role—for example, an employee inadvertently (or indeed purposefully) using a malware-infected USB stick.

Hey, if it can happen on the International Space Station it can happen at your local high street bank.