CybersecurityU.S.-U.K. cyber war games to test the two countries’ cyber resilience

Published 22 January 2015

American and British security agencies have agreed to a new round of joint cyber “war games” to test each country’s cyber resilience. The move comes after a year of high profile cyberattacks against the U.S. private sector and after warnings from the U.K. Government Communications Headquarters that computer networks of British firms face daily attacks by hackers, criminal gangs, competitors, and foreign intelligence services.

American and British security agencies have agreed to a new round of joint cyber “war games” to test each country’s cyber resilience. The move comes after a year of high profile cyberattacks against the U.S. private sector and after warnings from the U.K. Government Communications Headquarters that computer networks of British firms face daily attacks by hackers, criminal gangs, competitors, and foreign intelligence services.

Just as we have worked with our closest ally, the U.S., to protect our people and our countries from traditional threats, so we must work together to defend ourselves from new threats like cyberattacks,” British prime minister David Cameron said last week.

The games will build on the successes of previous collaborations which have been a regular occurrence for nearly a decade. The cybersecurity industry supports the effort and many feel increasing collaboration between both countries is long overdue. “U.S. exercises, such as Cyber Flag and Cyber Guard which take place every year, have been a crucial factor in developing qualified responses to cyberattacks,” said Andy Settle, chief cybersecurity consultant and head of practice at Thales U.K. Unlike previous war games, the new exercises will go beyond testing systems for resilience against standard threats and will instead focus on custom malware built specifically to infiltrate a particular service, company, or industry.

According to ComputerWeekly, the major 2014 cyberattacks show that the economy and financial sector of both the United States and the United Kingdom are under considerable threat from cybercriminals and state-sponsored actors. Robert Norris, director enterprise and cybersecurity, Fujitsu U.K. and Ireland, worries that a recent Fujitsu research revealed that only a third of financial services organizations are “very confident” that they could guarantee security measures in the event of an IT failure. “Clearly there is a need to address these issues to ensure the finance industry does not fall victim to significant cyberattacks. The collaboration between the U.S. and U.K. will bring together companies at the forefront of the cyber security industry to share knowledge, skills and technologies which will help to address these growing threats and strengthen the defenses already in place,” he said. The first U.S.-U.K. cyber drill will involve the Bank of England and commercial banks, targeting London and Wall Street, following “further exercises to test critical national infrastructure,” according to a spokesperson for Cameron.

DHS has already issued voluntary cybersecurity guidelines for securing critical infrastructure, but hackers are constantly building more complex techniques to bypass security systems, therefore regular exercises will help keep cyber defenses up to date. “With the majority of their critical national infrastructure running on connected networks, these industries cannot afford to take any liberties,” said Ross Brewer, vice-president and managing director for international markets at LogRhythm.