Financial regulators are taking note of responses to natural disasters such as Hurricane Sandy, as they prepare for cyber war games that will simulate mock breaches at banks in Wall Street and London.
The Financial Times (FT) reports that number two official at the US Treasury Department, Sarah Bloom Raskin has said the lessons learnt from Hurricane Sandy have already been incorporated into US mock cyber attacks on financial institutions.
Hurricane Sandy, which was the most destructive hurricane to hit the north eastern coast of the US in 2012, severely disrupted financial dealings in the US and forced the American stock markets to shut down for two days.
According to the FT, Raskin who was previously a Federal Reserve governor in 2012, said financial groups need to create procedures for an orderly shutdown and reboot in the event of a high-impact cyber breach.
Speaking about the shutdown of the NASDAQ and New York stock exchanges during Hurricane Sandy, Raskin said: “It appeared quite orderly and organised but it required a lot of co-ordination. That’s where having relationships with the financial institutions, the exchanges and others regarding how these systems work is really important.”
For the past year Raskin has been leading the co-ordination of US government agencies to address growing cyber threats and is due to give a speech on cyber security during the International Financial Services Forum at City Week 2015 in London today.
The preparations are being put in place for the upcoming cyber war games which will be held jointly by the UK and US this year and will begin with a simulation focusing on the financial sector. The mock cyber attacks were announced by David Cameron in January this year, before talks with Barack Obama.
US and UK regulators have both stressed the importance of greater information sharing between the two countries and the severity of threats posed by cyber attacks and in October last year, US and UK regulators simulated the failure of the global bank to improve upon the lessons learnt from the 2008 financial crisis.
“A cyber attack shouldn’t be the first time a regulator on one side of the pond is calling a counterpart on the other side,” Raskin told the FT.
Most large companies regularly put themselves and their IT staff through exercises designed to expose their weaknesses, however, war games are the next level of these tests because they require staff to get more actively involved and test their ability to deal with stress and pressure.
According to the FT, Raskin also urges financial institutions to include cyber security policies in contracts with vendors because third-party technology vendors, which are widely used by a number of banks, have been recognised as posing some of the greatest potential cyber risks. “You operate with many third parties and given these connections, we are only as strong as our weakest link,” Raskin expected to say in her speech today.