'Bank of England sends in hackers to test lenders’ defences' diff viewer (0/1)

This article is from the source 'independent' and was first published or seen on June 10, 2014 12:00 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.independent.co.uk/news/business/news/bank-of-england-goes-on-attack-against-cyber-crime-9520931.html

The article has changed 2 times. There is an RSS feed of changes available.

Previous version 1 Next version

Version 0	Version 1
~~Bank of England goes on attack against cyber crime~~	Bank of England sends in hackers to test lenders’ defences
2014-06-10 12:05:14 UTC	2014-06-11 01:35:12 UTC (about 14 hours later)
The Bank of England is ~~set~~ to ~~unleash~~ an ~~army~~ of ~~intelligence~~ ~~experts~~ ~~and~~ ~~licensed~~ hackers to ~~probe~~ ~~the~~ ~~defences~~ of Britain’s biggest banks as ~~its~~ ~~steps~~ up ~~efforts~~ to ~~combat~~ ~~cyber~~ ~~crime.~~	The Bank of England is to let hackers loose on Britain’s biggest banks to test their defences against cyber-attacks.
~~Threadneedle~~ ~~Street~~ ~~has~~ ~~acted~~ ~~after~~ ~~last~~ ~~year’s~~ ~~recommendation~~ ~~from~~ ~~its~~ ~~Financial~~ ~~Policy~~ ~~Committee~~ to ~~test~~ ~~and~~ ~~improve~~ the ~~resilience~~ of the ~~financial~~ ~~system~~ to ~~cyber-attack.~~	Under the Bank’s new framework, known as CBEST, hackers working for private security firms will identify the vulnerabilities of individual institutions, and replicate the methods of malicious attackers.
~~Under~~ its ~~new~~ ~~framework,~~ ~~known~~ as ~~CBEST,~~ ~~government~~ ~~intelligence~~ ~~will~~ be used by ~~private~~ ~~security~~ firms and ~~hacking~~ ~~companies~~ to ~~identify~~ the ~~vulnerabilities~~ of ~~individual~~ ~~institutions,~~ ~~and~~ ~~replicate~~ ~~the~~ ~~methods~~ of potential ~~attackers.~~ It ~~comes~~ as ~~internet~~ ~~security~~ ~~giant~~ ~~McAfee~~ ~~put~~ ~~the~~ ~~global~~ ~~cost~~ of ~~cyber-crime~~ at ~~£266~~ ~~billion~~ ~~today.~~	The Bank said its simulation would be superior to the digital security checks currently used by financial firms because it would be based on real threat intelligence and focus on the more sophisticated potential attacks on systems.
The ~~surgical~~ ~~strikes~~ ~~are~~ a ~~step~~ up from the ~~less~~ ~~sophisticated~~ ~~tests~~ ~~banks~~ ~~use~~ at ~~present~~ on ~~their~~ IT ~~systems~~ ~~which~~ ~~used~~ ~~broad-based~~ ~~attacks~~ to ~~probe~~ ~~web~~ ~~defences.~~	The move follows last year’s recommendation from the Bank’s Financial Policy Committee to beef up the resilience of the financial system to malicious hacking and cyber-crime.
~~The~~ ~~results~~ of the new ~~tests,~~ ~~including~~ the ~~extent~~ of the ~~access~~ ~~the~~ ~~hackers~~ ~~gain~~ and the ~~damage~~ ~~they~~ ~~can~~ ~~cause,~~ ~~will~~ be ~~shared~~ ~~with~~ ~~both~~ ~~the~~ ~~individual~~ ~~banks~~ and ~~the~~ ~~Prudential~~ ~~Regulation~~ ~~Authority.~~	Andrew Gracie, the Bank’s executive director of resolution, unveiled the new framework at the British Bankers’ Association cyber conference. “The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered in live tests, within a controlled testing environment,” he said.
~~The~~ ~~Bank~~ of ~~England’s~~ ~~executive~~ ~~director~~ ~~for~~ ~~Resolution,~~ ~~Andrew~~ ~~Gracie,~~ ~~said:~~ “Unlike physical attacks which are localised, these attacks are international and know no boundaries.	“Unlike physical attacks which are localised, these attacks are international and know no boundaries. Cyber defence, as a result, has become not a matter of designing a hard perimeter that can repel attacks but detecting where networks have been penetrated and responding effectively.”
~~Cyber~~ ~~defence,~~ as a ~~result,~~ ~~has~~ ~~become~~ ~~not~~ a ~~matter~~ of ~~designing~~ a ~~hard~~ ~~perimeter~~ ~~that~~ ~~can~~ ~~repel~~ ~~attacks~~ ~~but~~ ~~detecting~~ ~~where~~ ~~networks~~ ~~have~~ ~~been~~ ~~penetrated~~ and ~~responding~~ ~~effectively~~ ~~where~~ ~~this~~ ~~occurs.”~~	The results, including the extent of the access the licensed hackers gain and the damage they could potentially cause, will be shared with both the individual banks and the Prudential Regulation Authority.
He ~~told~~ ~~the~~ ~~British~~ ~~Bankers’~~ ~~Association:~~ “The ~~idea~~ of ~~CBEST~~ is to ~~bring~~ ~~together~~ the ~~best~~ ~~available~~ ~~threat~~ intelligence ~~from~~ ~~government~~ ~~and~~ ~~elsewhere,~~ ~~tailored~~ to the ~~business~~ ~~model~~ and ~~operations~~ of ~~individual~~ ~~firms,~~ to be ~~delivered~~ in ~~live~~ ~~tests,~~ ~~within~~ a ~~controlled~~ ~~testing~~ ~~environment.~~	“The results should provide a direct read-out on a firm’s capability to withstand cyber-attacks which – on the basis of current intelligence – have the most potential, combining probability and impact, to have an adverse impact on financial stability” Mr Gracie said.
~~“The~~ ~~results~~ ~~should~~ ~~provide~~ a ~~direct~~ ~~read-out~~ on a ~~firm’s~~ ~~capability~~ to ~~withstand~~ ~~cyber-attacks~~ ~~which~~ — on the ~~basis~~ of ~~current~~ ~~intelligence~~ — have the ~~most~~ ~~potential,~~ ~~combining~~ ~~probability~~ ~~and~~ ~~impact,~~ to ~~have~~ an ~~adverse~~ ~~impact~~ on ~~financial~~ ~~stability.”~~	The industry will not be forced to take part but the Bank, which unveiled CBEST unofficially two weeks ago, has seen strong interest from financial institutions. It will cost a bank about £100,000 to have its systems tested under the new regime, which cost about £200,000 to develop.
The ~~new~~ ~~framework~~ ~~will~~ ~~not~~ be ~~compulsory~~ ~~but~~ the Bank — ~~which~~ ~~launched~~ ~~CBEST~~ ~~unofficially~~ to ~~the~~ ~~industry~~ ~~two~~ ~~weeks~~ ~~ago~~ — ~~has~~ ~~seen~~ ~~strong~~ ~~interest~~ ~~from~~ UK ~~financial~~ ~~industry~~ so ~~far.~~	The internet security giant McAfee has estimated the global cost of cyber-crime at £266bn. In December, the Royal Bank of Scotland said its platform was briefly attacked by hackers, causing problems for customers trying to get access to their accounts.
It ~~will~~ ~~cost~~ a ~~bank~~ ~~typically~~ ~~around~~ ~~£100,000~~ to have ~~its~~ ~~systems~~ ~~tested~~ ~~under~~ the ~~new~~ ~~regime,~~ ~~which~~ ~~cost~~ ~~around~~ ~~£200,000~~ to ~~develop.~~	The Bank expects to have 18 testing companies and nine intelligence firms accredited to carry out the tests after working with the Council for Registered Ethical Security Testers and the intelligence firm Digital Shadows to develop new industry standards.
The Bank — ~~presided~~ ~~over~~ by ~~Mark~~ ~~Carney~~ — ~~expects~~ to ~~have~~ 18 ~~testing~~ ~~companies~~ ~~and~~ ~~nine~~ ~~intelligence~~ firms ~~accredited~~ to ~~carry~~ ~~out~~ ~~the~~ ~~tests~~ ~~after~~ ~~working~~ ~~with~~ ~~the~~ ~~Council~~ ~~for~~ ~~Registered~~ ~~Ethical~~ ~~Security~~ ~~Testers~~ and ~~intelligence~~ ~~firm~~ ~~Digital~~ ~~Shadows~~ to ~~develop~~ ~~new~~ ~~industry~~ ~~standards.~~	The Bank told City firms in February they needed to act more quickly and report to regulators in more detail if they became subject to cyber-attacks from criminal gangs or terrorists. The warning followed a three-day exercise, Waking Shark II, which simulated an attack on the City.
~~The Bank told City firms in February that they needed to act more quickly and report to regulators in more detail if they become subject to cyber attacks from criminal gangs or terrorists.~~
~~The warning followed the results of a massive three-day exercise dubbed Waking Shark II to simulate an attack on the City.~~

Previous version 1 Next version