US and UK to coordinate on financial services cyber security testing

Out-Law News | 19 Jan 2015 | 1:02 pm | 1 min. read

UK banks and other financial services companies will have their cyber security measures tested by UK and US authorities later this year, it has been announced.

The "joint exercise" will be part of a wider collaboration between the UK and US on cyber security matters, the White House said.

"The United States and United Kingdom are committed to our ongoing efforts to improve the cyber security of our critical infrastructure and respond to cyber incidents," a statement issued by the White House said. "Both governments have agreed to bolster our efforts to increase threat information sharing and conduct joint cyber security and network defence exercises to enhance our combined ability to respond to malicious cyber activity. Our initial joint exercise will focus on the financial sector, with a program running over the coming year." 

UK prime minister David Cameron said the cyber security test would represent a "step up" from previous initiatives, according to an interview with the BBC.

"This is a real signal that it is time to step up the efforts and do more," Cameron said. "It is not just about protecting companies, it is also about protecting people's data, about protecting people's finances. These attacks can have real consequences to people's prosperity."

UK intelligence and security services GCHQ and M15 will participate in a new "joint cyber cell" with the US National Security Agency and FBI.

"GCHQ and MI5 are working with their US partners to further strengthen UK-US collaboration on cyber security by establishing a joint cyber cell, with an operating presence in each country." GCHQ said. "Aimed at strengthening mutual cyber defence, it will bring together agencies and law enforcement and allow staff from each agency to be co-located, enabling information and data to be shared at pace and at greater scale." 

The 'cells' will "work out not only how we best protect ourselves but how we create a system where countries and hostile states and organisations know they shouldn't attack us", Cameron said.

GCHQ has separately issued updated cyber security guidance for businesses which builds on the '10 steps' guidance previously issued in 2012.

The new guidance has been released alongside a new government report which highlights some shortcomings among FTSE350 companies in the way they approach cyber security (52-page / 9.32MB PDF).

The report, based on a survey of board members at 108 FTSE350 companies, said that whilst board room awareness of cyber risk matters has improved since 2013, some boards still do not have a sufficient handle on the cyber risks facing their organisation.

"For the majority of boards (56%) cyber risk is a subject they hear about occasionally - biannually or when something has gone wrong - but 24% said they rarely did so or did not consider it board level business," the report said. "However, 16% of boards were reported to regularly consider cyber security issues or actively manage their cyber risk profile."