Bank of England to employ hackers
Penetration testing to be used to gauge banks' defences against hackers and cyber criminals
The Bank of England is set to employ ethical hacking and penetration testing in an effort to strengthen the cyber security of banks and other financial institutions.
The scheme, as reported by The Financial Times, is known as cyber threat and vulnerability management and will be overseen by the Bank of England's director of the UK's special resolution unit, Andrew Gracie. The purpose is to test the defences of more than 20 major banks against the types of attack they're likely to experience from hackers and other cyber criminals.
Ethical hackers will therefore use the latest methods employed by hackers working for criminal gangs, terrorist cells and rogue states in order to examine the defensive capabilities of banks when it comes to protecting against cyber attacks. Financial services firms likely to participate in the scheme reportedly include Royal Bank of Scotland and the London Stock Exchange.
Penetration testing is often used by businesses to test their internal cyber resilience, but this represents the first time such a scheme will be monitored by an outside authority in such a large-scale fashion. A similar scheme - named Waking Shark II - was undertaken last year, but on a much smaller scale.
That test represents a move by the Bank of England to shore up defences against vulnerabilities which, if left unchecked, could lead to data loss or credit card detail theft.
Indeed, banks are regular targets for cyber attacks as criminals look for a method of making a quick buck - something they're successfully achieving, as the Bank of England itself admitted in a report towards the end of last year.
Charles Sweeney, CEO of web security firm Bloxx, welcomed the introduction of cyber threat and vulnerability management.
"Banks face a relentless onslaught of persistent and sophisticated attacks because they are considered to be highly prized targets for criminals," he said.
"Last year's Waking Shark programme was a great success, but attacks evolve and develop at a rapid pace so it is no surprise that the Bank of England wants to test defences again.
"It is great to see the UK leading the way in cyber protection programmes that can make a real difference to consumers, enterprises and the economy," Sweeney added.