City puts IT disaster recovery to the test

The City of London is this week analysing the results of a major business continuity planning exercise designed to test the...

The City of London is this week analysing the results of a major business continuity planning exercise designed to test the vulnerability of electronic communications links to disruption from a terrorist attack.

Forty retail and merchant banks took part in the simulation, which tested the ability of financial markets to operate after a large-scale disruption in London's financial centre.

The exercise, the first major test of the resilience of City institutions to an attack since a simulation of a chemical attack at Bank station in September 2003, is expected to be repeated annually.

The desk-based simulation tested the ability of a range of communications systems, including the web, e-mail, telephone and fax, to operate following an emergency, the Treasury said last week.

It was designed to ensure that communications links between the banks, regulatory body the Financial Services Authority and the Treasury would continue to function in a civil emergency.

Telecommunications are a weak link in business continuity planning, said Neil Robinson, security specialist at the Information Assurance Advisory Council.

"They are considered to be one of the critical infrastructures. It is challenging for companies to ensure these services are robust and resilient and secure. The risks are outside their control," he said.

Businesses may be unaware that their suppliers share infrastructure, which could leave users without communications.

"Because of the interconnected nature of telecoms, the suppliers will run their networks through the same infrastructure. The trend is increasing, which is creating vulnerabilities that customers might not be aware of," Robinson said.

The FSA said the results would be analysed and feedback given to the banks to improve their business continuity planning.

Telecoms continuity checklist       

  • Investigate the resilience of your telecoms and electricity supplier  
  • Make sure you have contacts with government bodies, such as the NISCC and business continuity organisations 
  • Keep up to date with threats and hardware and software updates 
  • Make sure you have physical redundancy of telecoms network 
  • Ensure administrators subscribe to mailing lists and forums 
  • Consider installing dedicated security hardware.

Read more on IT risk management