* New voluntary anti-hacking framework set up
* Bank will intervene if lenders fail to take precautions
(Adds reaction, more detail)
By Huw Jones
LONDON, June 10 The Bank of England sought to
bolster the financial industry's defences against cyber attacks
on Tuesday when it announced a new framework to spot and test
possible weak points at lenders.
The Bank says hacking represents a growing risk for the
financial system, which handles money for millions of customers
and companies in Britain. Called CBEST, the new framework will
use information from government and vetted commercial sources to
identify potential attackers, the Bank said in a statement.
The framework then replicates the techniques used by hackers
to devise a test to see how successful an attack on a company
might be and whether it is resilient enough to resist it.
"The results should provide a direct readout on a firm's
capability to withstand cyber-attacks that on the basis of
current intelligence have the most potential, combining
probability and impact, to have an adverse impact on financial
stability," Andrew Gracie, the BoE's executive director of
resolution, said in a speech.
"Low-level attacks are now not isolated events but
continuous. Unlike physical attacks that are localised, these
attacks are international and know no boundaries," he told a
meeting of the British Bankers' Association.
The Bank said the new framework differs from existing
security testing at banks because it uses real threat
intelligence and focuses on the more sophisticated and
persistent attacks on critical systems and essential services.
The framework was set up last month but was not publicly
announced until Tuesday. Participation is voluntary, but Gracie
expects take-up to be significant.
"Cyber risk is not just for technology specialists," he
said. "This is part of a broader issue of how organisations
defend themselves against attack."
Cyber attacks have become a frequent threat as online
banking proliferates, said Andrew Wingfield, a financial
services lawyer at King & Wood Mallesons SJ Berwin.
"The UK's ability to deal with such attacks will determine
how it is viewed globally in terms of investment and its
position as a worldwide leader in financial services," Wingfield
The new testing framework was developed with UK cyber
intelligence company Digital Shadows.
Cyber attacks have increased in recent years, with
criminals, extortionists and hacktivists - politically motivated
hackers - attempting to infiltrate systems or just disrupt
operations, often through distributed denial of service attacks
that bombard websites with traffic.
In December, state-backed Royal Bank of Scotland
said its platform was briefly attacked by hackers, causing
problems for customers trying to get access to their accounts.
One unidentified London-listed company incurred losses of
800 million pounds ($1.3 billion) in a cyber attack several
years ago, according to British security services.
(Reporting by Huw Jones; Additional reportng by Steve Slater;
Editing by Larry King)