David Cameron and Barack Obama have announced plans to implement a rolling programme of ‘war game’ cyber attacks on each other.
The attacks, which will be conducted by GCHQ, MI5 and the FBI, will target critical national infrastructure, and the first test will hit the financial sector later this year. During this exercise, the Bank of England and commercial banks in the City of London and Wall Street will be targeted in a bid to ensure adequate security measures are in place.
Agents will also co-operate in “cyber cells” on both sides of the Atlantic. Speaking to BBC News, Cameron said that cyber attacks are one of the “biggest threats we face”, and with expertise in the UK and USA, the capabilities will be combined to share information not only on how to best protect ourselves.
He said: “It is happening already, but it needs to be stepped up. We have in GCHQ an asset that is massively expert in preventing cyber attacks, in America they have a similar asset in the NSA and they do work well together, but this is a real signal that it is time to work together to step up the efforts and to do more.
“It is not just about protecting companies, it is also about people’s data and people’s finances. These attacks can have real consequences to people’s prosperity.”
Richard Cassidy, technical director EMEA at Alert Logic, welcomed the move, saying that activities such as the “War Games” serve a great purpose in raising industry awareness about the real threat posed to businesses across the industry.
He said: “Focusing on finance and national infrastructure sector is a good start and represents the most high-profile high-value targets we’ve seen attacked over the past several years. Having the best Government-led minds from both sides of the pond working together to test the threat protection capabilities of some of our most important organisations is a great benefit given that the source is not malicious and any weaknesses found can be rectified to bolster their respective security mechanisms.
“Success will be deemed by how the information is shared and the lessons learned by both sides on the outcome of these games. The goal has to ensure better security posture of the targets and raised awareness across the industry of the real danger organisations face into today’s light-speed evolving threat landscape. Hacker cells are becoming far more sophisticated in response to the increased capabilities of our applications and infrastructure and as such taking a great deal more time and effort in targeting their victims of high value.”
Andy Settle, chief cyber security consultant and head of practice at Thales UK, said that a successful attack on a country’s financial sector could lead to disastrous consequences throughout the world, with staggering effects on markets. “To this end, it is promising to see that the first drill is targeting the City of London and Wall Street, taking clear precautions to ensure the security of these countries’ economic infrastructure,” he said.
Ross Brewer, vice president and managing director for international markets at LogRhythm, said: “The sharing of intelligence between MI5, GCHQ and the FBI will be key in this programme’s success. While, in the UK, we have seen the Waking Shark exercise and the Bank of England employee ethical hackers to test its infrastructure in recent years, it is only worthwhile if the lessons learned are acted upo
n and shared with a wider audience.”