Bank of England plans new round of cyber resiliency tests for UK banks

Regulator to focus on individual banks' security systems

The Bank of England is planning additional resiliency tests of security systems to ensure that UK banks can protect themselves against a growing cyber threat.

A programme of 'ethical hacking' will be carried out this year to test the infrastructure of UK financial institutions, the Financial Times wrote, as part of wider regulator-led assessment of security capabilities.

The work will build on the Operation Waking Shark cyber attack simulations run by the BoE last year, aimed at testing the responsiveness of the industry as a whole.

A new series of events will focus on the ability of individual banks to respond to a major attack, according to anonymous sources cited, and follow a pilot earlier this year.

The aim of the exercise is to enable regulators to identify weaknesses within the IT infrastructure used by major banks, such as payments systems.

Banks' infrastructure is increasingly under attack from a number of sources, such as cyber criminals seeking to make financial gain and nation states or hacktivists attempting to disrupt services.

Security specialists with certification for penetration testing will be tasked with carrying out the 'cyber threat and vulnerability management' exercises, and will be led by Andrew Gracie, executive director for the regulator's special resolution unit.

The BoE declined to comment on the reports.

Last year, a meeting of the BoE Financial Policy Committee (FPC) called on regulators such as the Financial Conduct Authority to ensure that directors at UK banks have "concrete plans" in place to protect agains rapidly evolving cyber threats.

In its 'Financial Stability Report', the Bank of England warned that continued attacks against UK financial institutions could result in "significant" costs for the sector.

"While losses have been small relative to UK banks' operational risk capital requirements, they have revealed vulnerabilities," the BoE said. "If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions."

Natwest is one of the major banks which have been targeted in recent months, blaming a distributed denial of service (DDOS) attack for a website outage.

Tags financial timesBank of England

Show Comments