Categories: SecurityWorkspace

Bank of England Sets Up Cyber Attack Test Scheme

The Bank of England today announced a scheme which aims to create better stress tests amongst financial institutions to see whether their ability to cope with super-sophisticated cyber attacks is up to snuff.

The ultimate aim of the programme, called CBEST, is to help prevent attacks that could “undermine financial stability in the UK”, its creators said, whilst promising access to “advanced and detailed cyber threat intelligence”.

CREST, the not-for-profit body representing the technical information security industry, worked with the Bank of England (BoE), Her Majesty’s Treasury and the Financial Conduct Authority to create the CBEST framework.

The Bank of England warned in December that thanks to vulnerabilities in banking infrastructure, the industry could suffer “significant” losses.

Banks to get better at cyber defence?

It’s believed to be the first initiative of its type to be led by any of the world’s central banks and should help financial institutions better prepare for the increasingly dangerous threat landscape, said Andrew Gracie, executive director for resolution at the Bank of England.

“Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets,” said Ian Glover, president of CREST.

“CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to important financial institutions.”

Any providers that want to join the scheme and help improve banks’ resilience to attacks will have to get CBEST accreditation.

The UK’s top banks had previously come together for a handful of cyber stress tests, most notably in the Waking Shark events that sought to simulate an attack on their communications infrastructure. Whilst deemed a success, some participants said they wanted harder challenges.

CREST recently helped the UK government establish the Cyber Essentials certification scheme, designed to show which organisations have sufficiently protected their infrastructure.

Both Cyber Essentials and CBEST are part of a wider government agenda to boost digital security across the UK, as more criminals move online and the threat from other nation states becomes more severe.

How well do you know network security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Amazon Drivers Risk Increasing Number Of Injuries

Study shows that nearly one in five Amazon delivery drivers suffered injuries in 2021- again…

53 mins ago

Nokia CEO Predicts 2030 Arrival For 6G, But Not On Smartphone

Nokia CEO Pekka Lundmark offers his predictions as to arrival of 6G connectivity in this…

5 hours ago

Mark Zuckerberg Sued By DC AG Over Cambridge Analytica Scandal

Four years later, and Washington DC Attorney General decides to sue Mark Zuckerberg personally over…

6 hours ago

Global Digital Tax Law Not Ready Until 2024, Says OECD

Corporation tax delay. Rollout of 15 percent tax agreement for big name corporations only likely…

10 hours ago

Silicon UK In Focus Podcast: The Future of SaaS

How has Saas become an essential component of a successful business? The importance of a…

11 hours ago