CBEST Vulnerability Testing Framework Launch
Following their meeting in June 2013, the FPC issued a recommendation requesting that HMT and the regulators work with the core of the UK financial system and its infrastructure to put in place a programme of work to improve and test resilience to cyber attack. The committee also noted it was important that boards of financial firms and infrastructure providers recognised their responsibility for responding to those attacks.
To assist the boards of financial firms and infrastructure providers, and regulators, in improving their understanding of the types of cyber attack that could undermine financial stability in the UK, and the extent to which the UK financial sector is vulnerable to those attacks, a new, intelligence-led testing framework has been devised by the UK Financial Authorities in conjunction with CREST (the Council for Registered Ethical Security Testers) and Digital Shadows.
On 23 May CBEST was launched to industry during an event hosted by the Bank of England.
On 10 June CBEST was publicly launched following a speech by Andrew Gracie, Executive Director Resolution, at the BBA’s conference on Managing Cyber Risk – the Global Banking Perspective. Further details on CBEST and Andrew Gracie’s speech can be found in the following documents.