Last week the U.K. and U.S. authorities decided to combine their forces in order to run a resilience exercise on the banking industry, aptly named Operation Resilient Shield.
Information Sharing Focus
Rather than focusing primarily on fending off teams of hackers, the exercise focused first and foremost on improving the sharing of information and planning in the context of a possible cyber-attack.
The transatlantic, paper-based operation did not test any individual financial systems or financial firms, nor did it test the possible actions of security agencies, intelligence agencies, or any other law enforcement bodies. Instead, the exercise was designed on bettering the understanding of both governments as well as the industry as a whole, in the areas of information sharing, the handling of incident responses, and public communication.
The U.K. Financial Authorities, CERT-UK, and the Office of Cyber Security & Information Assurance were among the participants from the U.K. side, while representatives from the Department of the Treasury, the White House National Security Council, and the Department of Homeland Security took part from the U.S., with numerous financial sector organizations participating as well.
Among the central goals of the Operation Resilient Shield was the exchange of information on what has proven to be best practices in both countries between the two governments, as well as between the government and the financial sector. The process also provided an opportunity for both sides to better understand the sharing protocols for cyber security information from each country, as well as their coordination methods for incident responses.
While the operation did not amount to the usual “cyber war game”, analysts agree that it was a worthwhile exercise that boosted cooperation in cyber security through improving mechanisms and processes which help preserve joint awareness of threats to cyber security between the governments of the two countries and the private sector.