Financial firms and banks across London will be hit with a cyber war game scenario tomorrow to test how well they could hold up under a major IT attack. Sources whispered to Reuters that the cyber stress test already known to be taking place sometime this month would actually hit the finance sector on 12 November. "Waking Shark …
No matter how many times I read the headline, it seems that the use of "-'nads" (*) conditions my brain to mis-read "waking" and makes me think "hmm, didn't know sharks were in to that sort of thing. Thought that was dolphins".
Naughty headline writers forcing our innocent reader's brains to think of such things...
(*) Could also be "Banks", I suppose.
It wasn't just you ...
I'm reminded that the collective noun for Bankers is a 'Wunch'
In mitigation, Iv'e had a long day!
The fools, don't they realise they are risking death to us all by triggering a Sharknado !
How is this a fair test?
In the real world, you wouldn't necessarily know an attack is coming, or where it would be directed.
I doubt this "attack" will employ any techniques that the defending staff haven't specifically been told to prepare for.
I was in Sainsbury once when all the lights went out. And the tills. But the tills were back about five minutes after the lights came back. As a computer person, I was impressed: I have known some networks that needed an hour or two of tinkering before re-use.
I shall be in Sainsbury again tomorrow. For how long, we shall see.
Then there was my neighbour who, a year or two ago, took a day off work to do Xmas shopping. But the power was out in the High Street, and they could take even cash. Wasted day!
So the big threat is mains failure.
Instead of this test .....
...... why not make them run intrusion testing across websites, branches and head offices and publish the reports? After all, if there is nothing to hide........
...tests against physical security,...
How many 'key staff' do you need to gather into a disused warehouse and 'persuade', in order to have access to serious amounts of money. Just wondering.
Let's join in!!
To me this seems quite a stupid announcement. Tell the world about a day that all IT bods will be busy analyzing fake scenarios.
Wednesday might have been a better day to make this announcement. I shall be making a withdrawal this evening
Re: Let's join in!!
Tests of serious things, from computer systems to armadas and nuclear weapons have always been really difficult to manage things. The results won't really reflect those of a true attack as there is forewarning, but if you don't announce it there could be serious repercussions. Panicking the panicky bastards in the finance world with an unannounced test could cause billions in losses and panicking the Captain of a destroyer could start a war.
There are papers out there regarding testing and attack simulations, they get way into game theory and measuring secondary effects to extrapolate possible primary effects. They're boring as shit. At the end of the day there's general agreement that gathering some data is better than no data or causing a panic. It might very well be that a problem in an assumed effective process is identified and can be fixed.
Re: Let's join in!!
You do have a point from a different angle: that day seems perfect to mount a real attack, because everyone will assume it's benign and part of the test.
Re: Let's join in!!
I'm at the Waking Shark exercise now. Not really many people here who look like 'IT bods'. Mostly just a bunch of bigwigs who wouldn't have to do any of the legwork should any kind of attack happen.
Seems to be mostly a decision making exercise.
according to Professor Stupples. "They are stress testing systems against known threats,"
I should be most interested to know how the professor would test for unknown threats.
known knowns, known unknowns, etc.
Perhaps "published" threats would have been a more precise phrase but we know what he meant. Basically the sorts of incompetence we gripe about all the time here: failure to install the Adobe/Oracle/MS/*nix repository patches that have been published for at least 6 months, plus a raft of 101 stuff that is a bit beyond basic patching. (Not that basic patching is necessarily an easily accomplished task in a complex environment.)
So kids sounds like perfect cover for anyone planning some mischief.
Not of course that I would advocate such behaviour, which would be illegal under assorted UK laws.
That's a name I'd take care when typing.
Attack of the cyber stress test ..
Would this 'cyber stress test' consist of simulating a massive DDOS attack from a vast army of compromised Windows Desktop computers?
Just better be sure the similation computer isn't connected to the phone line.
It'll be ok. They deleted all the backdoor passwords.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan