Today (12 November 2015) the UK and US governments conducted a joint exercise with leading global financial firms to enhance our cooperation and ability to respond effectively to a cyber-incident in the finance sector.
Announced earlier this year by Prime Minister Cameron and President Obama, this exercise is part of enhanced transatlantic engagement on cybersecurity. It reflects the importance of international co-operation in cyber space, especially given the interconnectedness of the global financial system.
Chancellor of he Exchequer, George Osborne said:
Our national security is a priority for this government and that includes defending our cyber space.
We train and prepare for the threat of a financial cyber-incident. That is why this exercise is so important, and we will continue to work with our partners in the US to enhance our cyber cooperation.
US Treasury Secretary Jacob J. Lew said:
In our increasingly interconnected world, cyber criminals do not respect national borders and they target government, private industry and individual citizens alike.
Confronting the cyber threat is a team effort that requires coordination at all levels. Today’s exercise with our U.K. partners is an important step to ensure that we are doing all we can to share threat information, adopt best practices and support our collective resiliency.
The exercise was not a test of individual financial firms or financial systems, but was designed to improve understanding across our governments and industry in three main areas:
- information sharing
- incident response handling
- public communications
This exercise is another step in the ongoing work between the UK and US to enhance our cyber programmes and the resilience of our financial sectors.
Participants from the UK included CERT-UK, the UK Financial Authorities (HM Treasury, the Bank of England and the Financial Conduct Authority), Cabinet Office, the National Crime Agency, the Office of Cyber Security & Information Assurance and UK Intelligence.
Participants from the US included the White House National Security Council, the Department of the Treasury, the Department of Homeland Security, the Federal Bureau of Investigation, the US Secret Service, the Board of Governors of the Federal Reserve System, the Federal Reserve Bank of New York, Federal Reserve Bank of Chicago, U.S. Intelligence Community, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, U.S. Securities and Exchange Commission, U.S. Commodity Futures Trading Commission, and the National Credit Union Administration.
This exercise looked at how we can enhance cyber security cooperation by:
- enhancing processes and mechanisms for maintaining shared awareness of cyber security threats between US and UK governments and the private sector
- furthering mutual understanding of each country’s cyber security information sharing processes and incident response coordination structures, including scenarios that may call for a coordinated response and public communications
- exchanging best practices domestically and between the US and UK on a government-to-government and government-to-financial sector basis
The exercise did not:
- amount to a ‘cyber war game’ or include live play
- test the actions of law enforcement or the security and intelligence agencies
- seek to involve the entire range of the UK and US finance sectors
- seek to test individual firms or financial systems, but instead rehearse communication and co-ordination links