The Bank of England is set to oversee a raft of simulated attacks against major banks and other financial organisations within the UK. The London Stock Exchange and the Royal Bank of Scotland are reportedly likely to participate.
According to a report from the Financial Times, the central bank will organise a programme of ethical hacking as it attempts to assess the level of risk within the industry.
The initiative, involving officially approved penetration testers, will use scenarios based upon current intelligence reports detailing the latest techniques employed by criminal hackers, rogue states and terrorists.
The scheme, known as cyber threat and vulnerability management, comes under the remit of Andrew Gracie, the Bank of England’s director of the UK’s special resolution unit, and will build upon the lessons learned from the Waking Shark II exercise that was held late last year.
This time, however, the testing is set to be on a much larger scale and represents a move by the BoE to bolster defences against vulnerabilities that could otherwise lead to data losses or payment card detail thefts.
As you may imagine, banks are a regular target for cyber criminals looking to make some quick money and the Bank of England itself admitted last year that they are doing so with some success.
Earlier this year the business secretary Vince Cable warned intelligence chiefs that essential services within the UK remain vulnerable to cyber attack as he called for more collaboration between companies, regulators and the government in at-risk industries.
During that meeting, regulators pledged to undertake more exercises, so it’s good to see them make good on their promises at a time when high-profile incidents such as the Heartbleed bug and various data breaches have been very much in the news.
I believe it is also an encouraging sign that organisations are more willing to come together to tackle a common problem and can only hope that the communication aspect is worked upon – if Waking Shark II highlighted one deficiency it was the fact that there was no formal coordination across the industry despite the fact that communication with the authorities was good.
Whilst an increase in simulated attacks is to be welcomed, especially as the threat landscape is continually evolving, they may not provide all the answers as the FT reports that antiquated systems and overloaded infrastructure within the UK banking sector may also be concerns that need addressing in the not too distant future.