BofE unveils cyber-security framework
10 June 2014 | 8090 views | 0
The Bank of England has set out a new framework designed to test for cyber vulnerabilities at financial institutions.
Several UK banks have been hit by cyber-attacks over the last year, pushing the issue up the agenda both for institutions and regulators, with the BofE telling firms to put concrete action plans in place to protect themselves.
Now the central bank has also unveiled the CBEST framework, which uses intelligence from government and accredited commercial providers to identify potential attackers to a particular financial institution.
It then replicates the techniques these potential attackers use in order to test the extent to which they may be successful in penetrating the defences of the institution. When the tests are completed, there will be workshops for the firms involved to work through the results with the testers and supervisors.
The BofE says that by using real threat intelligence, CBEST will help banks, infrastructure providers and regulators improve their understanding of the types of cyber-attacks that could undermine the UK's financial stability and how vulnerable the industry is to them.
In a speech unveiling the framework, Andrew Gracie, executive director, resolution, BofE, says: "The results should provide a direct readout on a firm's capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability."
The framework, which banks can sign up to on a voluntary basis, was put together by the BofE with the Council for Registered Ethical Security Testers (Crest), a not-for-profit organisation that represents the technical information security industry and Digital Shadows, a cyber-intelligence vendor.