27 July 2016
Find out more

BofE unveils cyber-security framework

10 June 2014  |  6865 views  |  0 Bank of england

The Bank of England has set out a new framework designed to test for cyber vulnerabilities at financial institutions.

Several UK banks have been hit by cyber-attacks over the last year, pushing the issue up the agenda both for institutions and regulators, with the BofE telling firms to put concrete action plans in place to protect themselves.

Now the central bank has also unveiled the CBEST framework, which uses intelligence from government and accredited commercial providers to identify potential attackers to a particular financial institution.

It then replicates the techniques these potential attackers use in order to test the extent to which they may be successful in penetrating the defences of the institution. When the tests are completed, there will be workshops for the firms involved to work through the results with the testers and supervisors.

The BofE says that by using real threat intelligence, CBEST will help banks, infrastructure providers and regulators improve their understanding of the types of cyber-attacks that could undermine the UK's financial stability and how vulnerable the industry is to them.

In a speech unveiling the framework, Andrew Gracie, executive director, resolution, BofE, says: "The results should provide a direct readout on a firm's capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability."

The framework, which banks can sign up to on a voluntary basis, was put together by the BofE with the Council for Registered Ethical Security Testers (Crest), a not-for-profit organisation that represents the technical information security industry and Digital Shadows, a cyber-intelligence vendor.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

New York to step up assessment of bank cyber-security plans

New York to step up assessment of bank cyber-security plans

08 May 2014  |  10063 views  |  0 comments | 10 tweets | 8 linkedin
SEC to conduct market-wide cyber-security checks

SEC to conduct market-wide cyber-security checks

16 April 2014  |  5317 views  |  0 comments | 3 tweets | 3 linkedin
As cyber threat grows, EU regulators warn FS firms on IT budgets

As cyber threat grows, EU regulators warn FS firms on IT budgets

03 April 2014  |  6197 views  |  0 comments | 9 tweets | 2 linkedin
White House sets out voluntary cybersecurity framework

White House sets out voluntary cybersecurity framework

13 February 2014  |  5278 views  |  0 comments | 12 tweets | 8 linkedin
BofE says banks under cyber-attack

BofE says banks under cyber-attack

29 November 2013  |  5460 views  |  0 comments | 10 tweets | 7 linkedin
London banks embark on 'Waking Shark 2' cyber war games

London banks embark on 'Waking Shark 2' cyber war games

12 November 2013  |  4823 views  |  0 comments | 3 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comVisit VocaLink.comVisit www.abe-eba.eu

Top topics

Most viewed Most shared
satelliteContactless Bitcoin startup Plutus Tap &am...
9412 views comments | 9 tweets | 4 linkedin
MasterCard agrees £700m VocaLink acquisitionMasterCard agrees £700m VocaLink acqu...
9291 views 14 comments | 32 tweets | 38 linkedin
Apps crush internet for UK banking loginsApps crush internet for UK banking logins
7923 views comments | 18 tweets | 25 linkedin
hands typing furiouslyHow machine learning can cut costs on tran...
5984 views 0 | 9 tweets | 3 linkedin
Thomson Reuters and Imperial College form fintech and regtech research partnershipThomson Reuters and Imperial College form...
5959 views comments | 29 tweets | 16 linkedin

Featured job


Brussels (Belgium) or Paris (France)

Find your next job