Cyber attack "war game" to test London banks on November 12

LONDON (Reuters) - Thousands of staff across dozens of London financial firms will be put through a “war games” scenario on Tuesday to test how well they can handle a major cyber attack, people familiar with the matter said.

In one of the largest exercises of its kind in the world, the test dubbed “Waking Shark II” will bombard firms with a series of announcements and scenarios, such as how a major attack on computer systems might hit stock exchanges and unfold on social media.

It will be co-ordinated from a single room housing regulators, government officials and staff from banks and other financial firms, people familiar with the matter said.

Hundreds more people are expected to be involved from their own offices as the “war game” plays out, they said.

Simulations are likely to include how banks ensure the availability of cash from ATM machines or deal with a liquidity squeeze in the wholesale market and how well firms communicate and coordinate with authorities and each other.

There will be a particular focus on investment banking operations, one of the sources said.

Regulators and firms are growing increasingly concerned about the threat of cyber crime to the banking system, including the impact of coordinated online assaults or hacking attacks on specific banks and the Bank of England’s Financial Policy Committee has already told banks to strengthen defenses.

British police arrested eight people in September after a cyber attack on the computer system of a branch of Barclays, just a week after 12 men were arrested for allegedly planning to steal millions of pounds from a Santander UK branch with a similar remote device.

London is not alone in testing its preparation. New York staged “Quantum Dawn 2” a few months ago to simulate how firms would cope with a cyber attack in markets.

Next week’s London event will be co-ordinated by the Bank of England, the Treasury and Financial Conduct Authority, and follows a similar exercise two years ago.

The three regulators declined to comment.

The 2011 event involved “a concerted cyber attack upon the financial sector” that disrupted wholesale and retail payments and online services and included more than 3,500 people, according to an evaluation published the next year.

Eighty-seven firms were involved, included hedge funds, asset managers and brokers, as well as banks, insurers and exchanges. Representatives from organizations such as the Centre for the Protection of National Infrastructure (CPNI) and the Cyber Security Operations Centre (CSOC) were also involved.

Firms were asked to assume the test was carried out on the busiest day of the London 2012 Olympic Games, when many staff would not be in the office.

Next week’s test will be the seventh market-wide exercise carried out by UK authorities to test the resilience of the financial industry to a variety of potential shocks.

Past events have included simulated storms, flooding and transport chaos in 2009 and a flu pandemic in 2006.

A report on the outcome of the test will be released late this year or early in 2014, one of the sources said.

Additional reporting by Kirstin Ridley and Matt Scuffham; Editing by Mark Potter