As the world becomes increasingly financially interconnected, new types of risk are being introduced into the financial system. Never more prominent on central banks’ radars than they are today, cyber attacks have emerged as the number‑one risk for regulators and financial firms worldwide. But cyber resilience no longer means being able to tackle only known dangers. Central banks now require the ability to uncover and detect threats while they are still unknown, and it is time they got ahead of the curve.
In response to this, for the past two years the Bank of England’s (BoE’s) Security Operations Centre (SOC) has been undertaking an initiative – SOC 2.0 – which has fundamentally altered how the central bank detects and responds to cyber attacks. Switching from a reactive to a proactive approach, staff have focused on studying patterns of adversarial behaviour in an attempt to respond to unknown threats.
Key to this initiative was a new way of thinking about the problem and developing an operating model that supported continual research, behavioural profiling and the implementation of data analysis techniques. Given this shift, the BoE decided an industry ‘black box’¹ solution that promised to detect attacks would not suffice.
Instead, the central bank allowed its experts to design their own tools. Using a standard data-mining platform, teams of experts were given the freedom to develop sophisticated analytical techniques that detect adversarial behaviour, rather than individual attacks, which change over time and with increasing frequency. This approach would appear to be working.
Following the attack on Bangladesh Bank in 2016, the SOC team set out to ensure the BoE’s own systems would not be breached. Even without access to the malware used in the attack, the SOC was able to quickly ascertain that the BoE’s analytical techniques would identify these attackers’ behaviours if the BoE were targeted.
Since developing the system, the SOC has worked to ensure it evolves to support the latest advances in technology. Taking inspiration from the rise of sophisticated ‘bots’ – including Siri and Google Assistant – the SOC developed SOC Assistant to ensure members of the team have the right contextual information on hand to triage security incidents appropriately.
Taking its approach out to the community, the group chairs the UK’s Government Security Monitoring Group – a forum for government bodies to share cyber security techniques. The BoE’s group has also partnered with a number of central banks worldwide to help those looking to evolve their systems.
¹ Black box is the term commonly used to describe technically sophisticated electronic devices attached directly to a system to control its functions.