US, UK to hack banks to test cybersecurity


U.K. and U.S. security services could hack their countries' own banks, in order to test their defences against cyberattacks.

The so-called "war games" are expected to be announced later on Friday, as British Prime Minister David Cameron continues his two-day talks at the White House with U.S. President Barack Obama. The initiative is likely to be led by U.K. intelligence agency GCHQ and the U.S. National Security Agency (NSA).

loveguli | iStock/Getty Images Plus | Getty Images

The Bank of England and U.S. Federal Reserve are likely to be tested too.

But why would the U.S. and Britain hack their own banks?

Cyber threat

Last year saw some of the biggest cyberattacks in history, with one of the world's biggest banks, JPMorgan, suffering a serious breach and Hollywood studio Sony Pictures Entertainment falling victim to major information leaks.

Cyberattacks are only likely to increase in 2015, security experts warned, and the financial sector is at major risk.

"The financial sector is, has been, and will remain, in the sights of online criminals, because they deal with a lot of money and that is the target, but they also deal with a lot of personal information and that's a sellable resource," Rik Ferguson, vice president of security research at Trend Micro, told CNBC by phone.

Are banks safe?

Cyberattacks are considered a "tier one" security threat in the U.K., on par with terrorism. Banks are considered part of the national infrastructure of a country and have already been attempting to bolster their cyber defences.

Financial services are "very well protected" according to Eugene Kaspersky, CEO of Kaspersky Labs.

Read MoreTop 5 cybersecurity risks for 2015

"They invest a lot into their cybersecurity. The banks from time-to-time are victims of the cyberattacks, but all these attacks are very professional," Kaspersky told CNBC.

What are war games?

The plans put forward by the U.S. and U.K. government will be what is known in the cybersecurity industry as "penetration testing".

"They are very important, necessary and effective. Every organization should be carrying out. You can't build and effective defence without penetration testing," Ferguson said.

Every company vulnerable to hack attack

The hope is that vulnerabilities will be discovered and then patched up, in order to prevent real hackers attacking a bank's networks.

"It is looking for gaps that have been understood before and seeing if they exist in the particular organization that you are trying to help," Dave Palmer, director of technology at Darktrace, told CNBC. Darktrace's CEO Nicole Eagan accompanied Cameron on his trip to the U.S.


Hacking Wall Street and the City of London might cause alarm bells to start ringing. After all, "war games" in cyber space shouldn't be taken in a light way.

But security experts struck a reassuring note, suggesting that the benefits far outweigh the risks.

"Penetration testers will always tell you the horror story of attacking a live system and taking it down. But we would much rather know that than let an enemy do it to us," Tim Watson, the director of the cybersecurity center at the University of Warwick, told CNBC by phone.