The U.S. and U.K. will hold joint “cyber wargames” to improve cooperation between the two countries. But President Barack Obama stopped short of endorsing British Prime Minister David Cameron’s campaign to outlaw encryption for phones and email that law enforcement wouldn’t be able to penetrate, Bloomberg reported.
The two nations also plan to form a joint cybersecurity unit that would increase cooperation between the FBI and the U.K.’s internal security agency, MI5, as well as between the NSA and its U.K. counterpart, the GCHQ, Obama and Cameron announced last week.
Under the plan for the joint cyber wargames, agents from both the FBI and MI5 will form the “cyber cells” that will participate in the exercises. The drills will begin with a simulated attack against the Bank of England and commercial banks, according to Bank Info Security.
“GCHQ has massive expertise,” Cameron told a press conference. “Cyber-attacks is one of the big modern threats that we face. This is a real signal it’s time to step up the efforts and to do more.”
Obama also characterized online attacks, such as the hack against Sony Pictures, as an “urgent and growing danger.” But while he said it’s “a problem” when police and intelligence agencies can’t intercept communications to stop specific terrorist plots, Obama didn’t endorse Cameron’s push to require technology companies to weaken encryption to make monitoring easier for law enforcement. He said his administration is discussing the problem with tech companies to find a solution.
Information security experts and privacy rights groups have characterized the anti-crypto moves as being technically unworkable, and have warned that weaker encryption would put banking, e-commerce and payments at greater risk from online attackers.
The cyber wargames agreement capped months of increased attention to cybersecurity by the White House, starting in October, when Obama endorsed the shift to EMV chip security by announcing that all 9 million federal government payment cards will be replaced with EMV chip-and-PIN versions by early 2015. The latest move was last Monday, when in the wake of the Sony attack Obama announced a push for a 30-day deadline for disclosing payment-system breaches.