Enterprise Security and Risk Management: The Bank of England

Following the publication of the findings from Waking Shark II security exercise late last year, which tested the financial sector’s contingency plans in the event of a cyber-attack, significant progress has been demonstrated in communication and coordination of enterprise security matters across different financial agencies.

At Whitehall Media’s inaugural Enterprise Security and Risk Management conference on 25th March 2014 at the Hotel Russell in central London, the Chief Information Security Officer of the Bank of England, Don Randall MBE, delivered a keynote morning address before an audience of hundreds of information security and risk management professionals.

Randall spoke at length about the general cyber threat facing the banking industry, the relationship between IT infrastructure and enterprise security, partnerships as well as the landscape, players and motivations in the enterprise security and risk landscape.

Managing Risk and Security: A Central Bank Perspective

Randall began his speech by differentiating between cyber enabled economic crime and other cyber-criminal activity crime.

This differentiation, says Randall, sets apart motivations for online crime which can vary from ideology and personal gain to revenge, reputational damage, power and money. In similar vein, activities and methodologies are also varied, from website defacement to intrusion, espionage and sabotage.

Working in conjunction with the CIO, Randall explained that the CISO structure at the Bank of England involves gathering intelligence information, investigations, forensics, policy, education and awareness raising.

“A central bank is susceptible to [attack from] all actors”, says Randall.

“A retail bank or certain industries like the pharmaceutical and aeronautical industries, they have different actors that are potentially going to attack them. But as a central bank there’s no discipline on the actors.”

It is thus important to understand criminal incidences as well as the broader geopolitical environment and to gain a country-wide perspective.

Working in Partnership to combat security threats

“Share what you do wrong”, says Randall.

With 43 police forces across the UK, sharing is important between private and public sector and between law enforcement and the private sector.

Randall spoke briefly about the creation of the Cross-sector Safety and Security Communications (CSSC) project, created a year before the London Olympics, to facilitate communication between law enforcement agencies, local and national government organisations and private sector businesses.

With its vast communication network, the CSSC can communicate to over 8 million businesses in 30 minutes. A message can get out as soon as it comes.

As a central bank, the Bank of England needs to know about the robustness of security across the general banking sector in the UK. Should there be a cyber breach, partnerships and repositories are critical to response time and effectiveness.

Coalition building of this sort is critical.

“The issues do not change, only the methodology”, says Randall.

Join Whitehall Media for our 2nd Enterprise Security and Risk Management conference on 3 December 2014 at the Hotel Russell in central London. Our prestigious event will once again bring together C-suite professionals with Chief Risk Officers and a core audience of enterprise-level security and risk architects and decision-makers charged with implementing and delivering robust enterprise security in large companies and across every sector of government. To register your place to attend, please click here.

Share this post: