Banks in the United States are to face a cyber security test that will be conducted by the New York State Department of Financial Services.
According to the Wall Street Journal, around 200 banks will be required to participate in a live webcast where they will answer questions about their cyber security policies and processes on 12th December. All of the banks will be asked questions simultaneously and later will be able to see how they stack up against their peers.
Recently UK banks faced the physical Waking Shark test, a stress test of their security systems today in order to tell how strong they are in the face of a cyber attack. This saw banks bombarded with a series of announcements and scenarios, such as how a major attack on computer systems might hit stock exchanges and unfold on social media.
Speaking this week at an event in London, John Milne, head of resilience at the Bank of England said that Waking Shark 2 was a “combination of denial of service, advanced persistent threat and malware” and while all firms were not hit in the same way, the aim was to create confusion. “The key part of a cyber attack is that you do not know it is happening – if there is a terrorist attack you hear a bang, and if there is a flood your feet get wet, yet some firms get hacked for years and you don’t know as there is no system in place,” he said.
He said that the response was very positive and there was an “appetite to continue” with a report set to be published in the New Year. He said that it was run against teams of eight companies and the purpose of the test was to test the ability to respond to attacks.
Looking forward, he said that a potential third test would involve European partners in a joint exercise. “Only once have we had a successful cross-border exercise and it was before 2008, so it is time we did it again,” he said.
