Categories: SecurityWorkspace

Bank of England Sets Up Cyber Attack Test Scheme

The Bank of England today announced a scheme which aims to create better stress tests amongst financial institutions to see whether their ability to cope with super-sophisticated cyber attacks is up to snuff.

The ultimate aim of the programme, called CBEST, is to help prevent attacks that could “undermine financial stability in the UK”, its creators said, whilst promising access to “advanced and detailed cyber threat intelligence”.

CREST, the not-for-profit body representing the technical information security industry, worked with the Bank of England (BoE), Her Majesty’s Treasury and the Financial Conduct Authority to create the CBEST framework.

The Bank of England warned in December that thanks to vulnerabilities in banking infrastructure, the industry could suffer “significant” losses.

Banks to get better at cyber defence?

It’s believed to be the first initiative of its type to be led by any of the world’s central banks and should help financial institutions better prepare for the increasingly dangerous threat landscape, said Andrew Gracie, executive director for resolution at the Bank of England.

“Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets,” said Ian Glover, president of CREST.

“CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to important financial institutions.”

Any providers that want to join the scheme and help improve banks’ resilience to attacks will have to get CBEST accreditation.

The UK’s top banks had previously come together for a handful of cyber stress tests, most notably in the Waking Shark events that sought to simulate an attack on their communications infrastructure. Whilst deemed a success, some participants said they wanted harder challenges.

CREST recently helped the UK government establish the Cyber Essentials certification scheme, designed to show which organisations have sufficiently protected their infrastructure.

Both Cyber Essentials and CBEST are part of a wider government agenda to boost digital security across the UK, as more criminals move online and the threat from other nation states becomes more severe.

How well do you know network security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

7 mins ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

55 mins ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

17 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

18 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

19 hours ago

NHS Scotland Confirms Clinical Data Published By Ransomware Gang

NHS Dumfries and Galloway condemns ransomware gang for publishing patients clinical data after cyberattack earlier…

20 hours ago