The simulation, Operation Waking Shark 2, has been scheduled for mid-November, according to sources quoted by the Daily Telegraph.
The test has been designed by an outside consultant and will be monitored by the Bank of England, the British Goverment’s Treasury and the Financial Conduct Authority.
The attack will simulate a “very severe” cyber attack on the stock markets, banks and payment providers – and will involve several thousand people.
In September, Scott Borg, chief of the U.S. Cyber Consequences Unit, said that he believed manipulation of the financial markets would be the next major target for cybercriminals, according to Computer World.
More than half of securities exchanges around the world faced cyber attacks last year, according to a paper released by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges (WFE).
“The number of high profile and critical ‘hits’ is also increasing,” says the IOSCO report.
“The report warns that underestimation of the severity of this emerging risk may lay open securities markets to a black swan event.”
A survey of 46 exchanges around the world found that 53% had faced cyber attacks – mostly disruptive in nature, rather than financially motivated, and mostly consisting of malware or DDoS attacks. Nearly all – 89% – of those surveyed agreed that cybercrime should be considered a systemic risk.
The report says, “This suggests a shift in motive for cybercrime in securities markets, away from financial gain and towards more destabilizing aims. It also distinguishes cybercrime in securities markets from traditional crimes against the financial sector e.g. fraud, theft.”
“While cybercrime in securities markets has not had systemic impacts so far, it is rapidly evolving in terms of actors, motives, complexity and frequency.”
The British Waking Shark tests follow a similar exercise conducted in 2011 – and mirror exercises conducted on Wall street, such as a simulated cyber attack with the Hollywood-esque title Quantum Dawn 2 bombarded the defenses of American banks on June 28 – in an exercise designed to test how Wall Street would endure a sustained cyber attack.
Organised by the trade organization Securities Industry and Financial Markets Association (SIFMA), the exercise was built to “test incident response, resolution and coordination processes for the financial services sector and the individual member firms to a street-wide cyber attack.”