The House of Commons Treasury Select Committee has held a series of high-level meetings with financial regulators and other experts on cyber crime to address concerns of a major attack.
According to the Telegraph, the meetings have been held with an influential group of MPs investigating whether the financial system is at serious risk of cyber security breaches, amid growing concerns that customers and businesses are inadequately protected.
Among the concerns are: while banks are investing hundreds of millions in defences, certain parts of their systems remain out of date or contain vulnerabilities. The MPs are understood to be concerned about cyber crime on two levels – both about attacks on the financial system from rogue states and terrorists, and on customers’ individual data.
The Waking Shark 2 stress test, held last November, was deemed to be a success, with 14 firms, six financial market infrastructure provider, financial authorities including the Bank of England and the Prudential Regulation Authority, Financial Conduct Authority, HM Treasury and Government agencies and 220 attendees taking part.
It was held over three days and included: DDoS attacks; targeted and PC wipe attacks that penetrated the firms’ networks for disruptive and destructive purposes; issues with end-of-day market data pricing files for some equities markets; issues with Central Counterparty Clearing processes for fixed income; and issues associated with processes used to instruct payments through agent banks and manage balances in accounts at agent banks.
However consultant and former Met Police Hi-Tech head Adrian Culley called the initiative “a mutual pat on the back exercise”, while Professor John Walker, a member of the British Computer Society Elite Group, said that he did not feel that Waking Shark 2 was a success as “it did not reflect the real world” and that banks “still have massive issues”.
He told IT Security Guru that victims were only exposed as far as the Bank of England’s knowledge, as they “do not understand the real issues”.
He said: “If you are going to deal with real world, dangerous people, you need to understand the matters in hand. I know from speaking to those involved. This was about doing something for the public, and not for security – but sadly, that is the world we live in and why the cyber criminals are winning.”