The City of London is this week analysing the results of
a major business continuity planning exercise designed to test the
vulnerability of electronic communications links to disruption from
a terrorist attack.
Forty retail and merchant banks took part in the simulation, which
tested the ability of financial markets to operate after a
large-scale disruption in London's financial centre.
The exercise, the first major test of the resilience of City
institutions to an attack since a simulation of a chemical attack
at Bank station in September 2003, is expected to be repeated
annually.
The desk-based simulation tested the ability of a range of
communications systems, including the web, e-mail, telephone and
fax, to operate following an emergency, the Treasury said last
week.
It was designed to ensure that communications links between the
banks, regulatory body the Financial Services Authority and the
Treasury would continue to function in a civil emergency.
Telecommunications are a weak link in business continuity planning,
said Neil Robinson, security specialist at the Information
Assurance Advisory Council.
"They are considered to be one of the critical infrastructures. It
is challenging for companies to ensure these services are robust
and resilient and secure. The risks are outside their control," he
said.
Businesses may be unaware that their suppliers share
infrastructure, which could leave users without
communications.
"Because of the interconnected nature of telecoms, the suppliers
will run their networks through the same infrastructure. The trend
is increasing, which is creating vulnerabilities that customers
might not be aware of," Robinson said.
The FSA said the results would be analysed and feedback given to
the banks to improve their business continuity planning.
Telecoms continuity checklist
- Investigate the resilience of your telecoms and electricity
supplier
- Make sure you have contacts with government bodies, such as the
NISCC and business continuity organisations
- Keep up to date with threats and hardware and software
updates
- Make sure you have physical redundancy of telecoms
network
- Ensure administrators subscribe to mailing lists and
forums
- Consider installing dedicated security hardware.