US and UK join forces for cyber 'war games'

The UK and US will increase their co-operation on cyber-security, with some kind of transatlantic 'Waking Shark' banking exercise seemingly in the pipeline.

US and UK join forces for cyber 'war games'
US and UK join forces for cyber 'war games'

This arrangement comes as a result of Prime Minister David Cameron's two-day visit to Washington to meet President Barack Obama, where the main subjects of conversation have been the economy and national security.

Cameron says that this new partnership will see the launch of both “cyber-cells” to share intelligence and “cyber-war games” – exercises where simulated cyber-attacks are tested against the IT defences of organisations such as banks.

Agents from GCHQ, MI5, NSA and FBI are already working in the US division of the “cyber-cell”, and a similar arrangement is expected in the UK.

"We have got hugely capable cyber-defences, we have got the expertise and that is why we should combine as we are going to, set up cyber-cells on both sides of the Atlantic to share information," Cameron told the BBC on Friday.

These cyber “war games” will be conducted by the British and US intelligence agencies to test their resilience against cyber-attacks, with the PM and President to announce that the first simulated attack will be set up later this year at City of London and Wall Street banks.

The war game against the financial sector will be done in co-operation with the Bank of England, which has won high praise in the past for its series of ‘Waking Shark' cyber-exercises.

James Chappell, founder and CTO of cyber-intelligence firm  Digital Shadows, said that the move was ‘exciting news, a great opportunity for collaboration' and believes that it could be an opportunity to ‘piggy back' off existing schemes, such as the CBEST pen-testing exercise in the UK.

“I think that collaboration can only help from a cyber-security perspective. It's well known that there's been collaboration between the agencies and that's happened for some time.”

Asked what the agreement could entail, he added: “I think it's around professionalism – getting the best from both countries and improving how industry can work together. At this time, the collaboration shows the maturing approach to security.”

However, Chappell – whose firm Digital Shadows was one of the 12 companies to join Cameron on the trip – warned that, despite the recent terrorist attacks in France, cyber and terrorist attacks can be very different things.

“The physical and virtual worlds are more connected than they've ever been before, and the agencies are responsible for both of these areas. In my experience as a cyber-security professional, I think the lines are blurring to some extent.

“We've got to be careful not to over-inflate some attacks and compare them to what happened in Paris. But at the same time we do leave a digital footprint, and some of it is relevant from a security and risk perspective. You can learn more about your adversary by observing your adversary.”

Stuart Murdoch, CEO of Surevine – an open-source social software provider, also on the delegation, added in an email to SC: "Greater collaboration between the UK and US is crucial to successfully detecting and combating cyber-threat. We need solutions that help create greater communication across all borders; between countries, industries and organisations. The Cyber-Security Information Sharing Partnership (CISP) platform is one example of such collaboration, helping companies form a united front against hackers, and share information securely about the nature of cyber-attacks."

Page 1 of 2