Feeds

back to article Blighty's banks prep for repeated kicks to cyber-'nads in Operation Waking Shark II

Financial firms and banks across London will be hit with a cyber war game scenario tomorrow to test how well they could hold up under a major IT attack. Sources whispered to Reuters that the cyber stress test already known to be taking place sometime this month would actually hit the finance sector on 12 November. "Waking Shark …

COMMENTS

This topic is closed for new posts.

No matter how many times I read the headline, it seems that the use of "-'nads" (*) conditions my brain to mis-read "waking" and makes me think "hmm, didn't know sharks were in to that sort of thing. Thought that was dolphins".

Naughty headline writers forcing our innocent reader's brains to think of such things...

(*) Could also be "Banks", I suppose.

2
0
Anonymous Coward

It wasn't just you ...

I'm reminded that the collective noun for Bankers is a 'Wunch'

2
0
Bronze badge

Me too!

In mitigation, Iv'e had a long day!

0
0
Anonymous Coward

The fools, don't they realise they are risking death to us all by triggering a Sharknado !

0
0
Silver badge

How is this a fair test?

In the real world, you wouldn't necessarily know an attack is coming, or where it would be directed.

I doubt this "attack" will employ any techniques that the defending staff haven't specifically been told to prepare for.

0
2
Bronze badge

I was in Sainsbury once when all the lights went out. And the tills. But the tills were back about five minutes after the lights came back. As a computer person, I was impressed: I have known some networks that needed an hour or two of tinkering before re-use.

I shall be in Sainsbury again tomorrow. For how long, we shall see.

Then there was my neighbour who, a year or two ago, took a day off work to do Xmas shopping. But the power was out in the High Street, and they could take even cash. Wasted day!

So the big threat is mains failure.

2
0
Bronze badge

Instead of this test .....

...... why not make them run intrusion testing across websites, branches and head offices and publish the reports? After all, if there is nothing to hide........

3
0
Silver badge

...tests against physical security,...

How many 'key staff' do you need to gather into a disused warehouse and 'persuade', in order to have access to serious amounts of money. Just wondering.

2
0

Let's join in!!

To me this seems quite a stupid announcement. Tell the world about a day that all IT bods will be busy analyzing fake scenarios.

Wednesday might have been a better day to make this announcement. I shall be making a withdrawal this evening

1
0
Silver badge

Re: Let's join in!!

Tests of serious things, from computer systems to armadas and nuclear weapons have always been really difficult to manage things. The results won't really reflect those of a true attack as there is forewarning, but if you don't announce it there could be serious repercussions. Panicking the panicky bastards in the finance world with an unannounced test could cause billions in losses and panicking the Captain of a destroyer could start a war.

There are papers out there regarding testing and attack simulations, they get way into game theory and measuring secondary effects to extrapolate possible primary effects. They're boring as shit. At the end of the day there's general agreement that gathering some data is better than no data or causing a panic. It might very well be that a problem in an assumed effective process is identified and can be fixed.

2
0
Anonymous Coward

Re: Let's join in!!

You do have a point from a different angle: that day seems perfect to mount a real attack, because everyone will assume it's benign and part of the test.

1
0
Anonymous Coward

Re: Let's join in!!

I'm at the Waking Shark exercise now. Not really many people here who look like 'IT bods'. Mostly just a bunch of bigwigs who wouldn't have to do any of the legwork should any kind of attack happen.

Seems to be mostly a decision making exercise.

0
0
Bronze badge

according to Professor Stupples. "They are stress testing systems against known threats,"

I should be most interested to know how the professor would test for unknown threats.

2
0
Silver badge

known knowns, known unknowns, etc.

Perhaps "published" threats would have been a more precise phrase but we know what he meant. Basically the sorts of incompetence we gripe about all the time here: failure to install the Adobe/Oracle/MS/*nix repository patches that have been published for at least 6 months, plus a raft of 101 stuff that is a bit beyond basic patching. (Not that basic patching is necessarily an easily accomplished task in a complex environment.)

0
0
Gold badge
Happy

So kids sounds like perfect cover for anyone planning some mischief.

Not of course that I would advocate such behaviour, which would be illegal under assorted UK laws.

1
0

"Barry Shteiman"

That's a name I'd take care when typing.

SD

0
1
Facepalm

Attack of the cyber stress test ..

Would this 'cyber stress test' consist of simulating a massive DDOS attack from a vast army of compromised Windows Desktop computers?

http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack

0
0
Bod

WOPR

Just better be sure the similation computer isn't connected to the phone line.

0
0
Silver badge
Devil

Re: WOPR

It'll be ok. They deleted all the backdoor passwords.

0
0
This topic is closed for new posts.