* New voluntary anti-hacking framework launched
* Bank will intervene if lenders don't take precautions
By Huw Jones
LONDON, June 10 The Bank of England sought to
bolster the financial industry's defences against cyber-attacks
on Tuesday when it unveiled a new framework to spot and test
possible weak points at lenders.
The Bank has said that hacking represents a growing risk for
the financial system which handles money for millions of
customers and companies in Britain.
The new anti-hacking framework, called CBEST, will use
information from government and vetted commercial sources to
identify potential attackers, the Bank said in a statement.
The framework then replicates the techniques used by hackers
to devise a bespoke test to see how successful an attack on a
lender might be, and if the lender is resilient enough.
"The results should provide a direct readout on a firm's
capability to withstand cyber-attacks that on the basis of
current intelligence have the most potential, combining
probability and impact, to have an adverse impact on financial
stability," Andrew Gracie, the BoE's executive director of
resolution, said in a speech.
"Low-level attacks are now not isolated events but
continuous. Unlike physical attacks that are localised, these
attacks are international and know no boundaries," he told a
meeting of the British Bankers' Association.
The Bank said the new framework differs from existing
security testing at banks because it uses real threat
intelligence and focuses on the more sophisticated and
persistent attacks on critical systems and essential services.
The framework was launched last month but was not publicly
announced until Tuesday. Participation is voluntary but Gracie
expects take-up to be significant.
"Cyber risk is not just for technology specialists," he
said. "This is part of a broader issue of how organisations
defend themselves against attack."
There have been an increasing number of cyber attacks in
recent years, with criminals, extortionists and hacktivists -
politically motivated hackers - attempting to infiltrate systems
or just disrupt operations, often through distributed denial of
service (DDoS) attacks that bombard websites with traffic.
In December, state-backed Royal Bank of Scotland
said its platform was briefly attacked by hackers, causing
problems for customers accessing accounts.
One unidentified London-listed company incurred losses of
800 million pounds ($1.3 billion) in a cyber attack several
years ago, according to British security services.
(Reporting by Huw Jones; Additional reportng by Steve Slater;
Editing by Catherine Evans)