The CBEST scheme has been created by the Bank of England, HM Treasury and the Financial Conduct Authority (FCA). The framework delivers penetration tests that replicate the field craft of the sophisticated cyber criminals that the threat intelligence has identified as presenting the greatest risk. The benefit to organisations is that the results will be directly linked to the business impacts of a likely attack from a real threat and therefore enable meaningful board action to create a proactive defence.
This intelligence-led penetration test framework is vital as such criminals are assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions (SIFIs). This is the next step in operational cyber defence and is the first such framework developed by industry body CREST to be led by a central bank.
The concept of an intelligence-led penetration test is one of the cornerstones of the CBEST scheme and the BAE Systems Applied Intelligence service will draw on the library of information it has gathered on the specific tools and techniques known to be employed by attackers with the means, motive and opportunity to target financial services.
This intelligence can then be used to specify realistic attack scenarios, simulated by penetration testing, to provide a meaningful insight to the vulnerability of an organisation’s network to cyber attack. Furthermore, these scenarios provide a useful operational context which can be used to determine the consequences to the business should such an attack succeed.
Scott McVicar, Managing Director, EMEA Commercial Solutions for BAE Systems Applied Intelligence, said:
“BAE Systems Applied intelligence is proud to be the first company to receive accreditation for both penetration testing and threat intelligence under the CBEST scheme.
“Intelligence-led penetration testing has to be based upon rich contextualized intelligence which informs and guides how the test should be conducted, what attack methods should be simulated and where testers should focus their resources. This method of testing provides a more structured and effective approach for companies to mitigate their cyber risk and understand the real effectiveness of the key technical security controls they have in place.”
The CBEST framework works alongside the STAR (Simulated Targeted Attack and Response) scheme developed by CREST and for which BAE Systems is also an approved supplier. While CBEST is available to nominated financial organisations, and will be performed with Bank of England and Government involvement, the CREST STAR scheme is available to all organisations who want to benefit from intelligence-led penetration testing.
Notes to editors
- CREST is a not for profit organisation that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.
- Please find more information about Threat Intelligence Managementon the BAE Systems Applied Intelligence website.
For further details please contact:
Natasha Davies, BAE Systems Applied Intelligence
Tel : +44 (0)207 812 4274
Mobile: +44 (0)7787 297 831
David Mercer, Bite Communications
Tel: +44 (0)208 834 3472
Mobile: +44 (0)773 872 0198
BAE Systems plc
Tel: +44 (0) 1252 384719
About BAE Systems
At BAE Systems, we provide some of the world’s most advanced, technology-led defence, aerospace and security solutions and employ a skilled workforce of some 83,400 people in over 40 countries. Working with customers and local partners, we develop, engineer, manufacture and support products and systems to deliver military capability, protect national security and people and keep critical information and infrastructure secure.
BAE Systems Applied Intelligence is a business division of BAE Systems that delivers solutions that help clients to protect and enhance their critical assets in the intelligence age. Our intelligent protection solutions combine large-scale data exploitation, ‘intelligence-grade’ security and complex services and solutions integration. We operate in four key domains of expertise: cyber security, financial crime, communications intelligence and digital transformation.
Leading enterprises and government departments use our solutions to protect and enhance their physical infrastructure, mission-critical systems, valuable intellectual property, corporate information, reputation and customer relationships, competitive advantage and financial success.
For further information about BAE Systems Applied Intelligence, please visit www.baesystems.com/ai