The Bank of England is to oversee an ethical hacking programme as part of a broader assessment of the reliability of its information security defences
According to a report by the FT, this is part of an assessment of more than 20 major banks and other financial players in the UK and the scenarios will draw on intelligence reports of the latest threats from attackers and be overseen by Andrew Gracie, the director of the UK’s special resolution unit within the BoE.
Ashish Patel, regional director, network security UKI at McAfee, part of Intel Security, called the exercise “a step in the right direction for national security”.
He said: “It is greatly reassuring to see that financial institutions will be putting their security to the ultimate test. Stealth tactics such as Advanced Evasion Techniques (AETs) can go undetected, as they bypass firewalls and penetrate the network, silently unleashing damaging malware.
“This initiative should therefore help to uncover hidden vulnerabilities across key financial institutions. Working together with the private sector in this way is crucial to building a truly comprehensive national defence strategy.”
This follows the second Waking Shark exercise, which took place in November 2013 and was deemed to be a success. In that exercise, the three day period saw financial services companies face DDoS attacks, targeted and PC wipe attacks, issues with end-of-day market data pricing files for some equities markets, issues with Central Counterparty Clearing processes for fixed income, and issues associated with processes used to instruct payments through agent banks and manage balances in accounts at agent banks.
Charles Sweeney, CEO of Bloxx, said: “Banks face a relentless onslaught of persistent and sophisticated attacks because they are considered to be highly prized targets for criminals. This makes security investment and maintenance a 24×7 by 365 activity to ensure financial institutions can protect their infrastructure and assets.
“Last year’s Waking Shark programme was a great success, but attacks evolve and develop at a rapid pace so it is no surprise that the Bank of England wants to test defences again. It is great to see the UK leading the way in cyber protection programmes that can make a real difference to consumers, enterprises and the economy.”