Blighty's banks prep for repeated kicks to cyber-'nads in Operation Waking Shark II Financial firms and banks across London will be hit with a cyber war game scenario tomorrow to test how well they could hold up under a major IT attack. Sources whispered to Reuters that the cyber stress test already known to be taking place sometime this month would actually hit the finance sector on 12 November. "Waking …
No matter how many times I read the headline, it seems that the use of "-'nads" (*) conditions my brain to mis-read "waking" and makes me think "hmm, didn't know sharks were in to that sort of thing. Thought that was dolphins".
Naughty headline writers forcing our innocent reader's brains to think of such things...
(*) Could also be "Banks", I suppose.
I was in Sainsbury once when all the lights went out. And the tills. But the tills were back about five minutes after the lights came back. As a computer person, I was impressed: I have known some networks that needed an hour or two of tinkering before re-use.
I shall be in Sainsbury again tomorrow. For how long, we shall see.
Then there was my neighbour who, a year or two ago, took a day off work to do Xmas shopping. But the power was out in the High Street, and they could take even cash. Wasted day!
So the big threat is mains failure.
Tests of serious things, from computer systems to armadas and nuclear weapons have always been really difficult to manage things. The results won't really reflect those of a true attack as there is forewarning, but if you don't announce it there could be serious repercussions. Panicking the panicky bastards in the finance world with an unannounced test could cause billions in losses and panicking the Captain of a destroyer could start a war.
There are papers out there regarding testing and attack simulations, they get way into game theory and measuring secondary effects to extrapolate possible primary effects. They're boring as shit. At the end of the day there's general agreement that gathering some data is better than no data or causing a panic. It might very well be that a problem in an assumed effective process is identified and can be fixed.
Perhaps "published" threats would have been a more precise phrase but we know what he meant. Basically the sorts of incompetence we gripe about all the time here: failure to install the Adobe/Oracle/MS/*nix repository patches that have been published for at least 6 months, plus a raft of 101 stuff that is a bit beyond basic patching. (Not that basic patching is necessarily an easily accomplished task in a complex environment.)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
