* New voluntary anti-hacking framework launched
* Bank will intervene if lenders don’t take precautions
By Huw Jones
LONDON, June 10 (Reuters) - The Bank of England sought to bolster the financial industry’s defences against cyber-attacks on Tuesday when it unveiled a new framework to spot and test possible weak points at lenders.
The Bank has said that hacking represents a growing risk for the financial system which handles money for millions of customers and companies in Britain.
The new anti-hacking framework, called CBEST, will use information from government and vetted commercial sources to identify potential attackers, the Bank said in a statement.
The framework then replicates the techniques used by hackers to devise a bespoke test to see how successful an attack on a lender might be, and if the lender is resilient enough.
“The results should provide a direct readout on a firm’s capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability,” Andrew Gracie, the BoE’s executive director of resolution, said in a speech.
“Low-level attacks are now not isolated events but continuous. Unlike physical attacks that are localised, these attacks are international and know no boundaries,” he told a meeting of the British Bankers’ Association.
The Bank said the new framework differs from existing security testing at banks because it uses real threat intelligence and focuses on the more sophisticated and persistent attacks on critical systems and essential services.
The framework was launched last month but was not publicly announced until Tuesday. Participation is voluntary but Gracie expects take-up to be significant.
“Cyber risk is not just for technology specialists,” he said. “This is part of a broader issue of how organisations defend themselves against attack.”
There have been an increasing number of cyber attacks in recent years, with criminals, extortionists and hacktivists - politically motivated hackers - attempting to infiltrate systems or just disrupt operations, often through distributed denial of service (DDoS) attacks that bombard websites with traffic.
In December, state-backed Royal Bank of Scotland said its platform was briefly attacked by hackers, causing problems for customers accessing accounts.
One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services. (Reporting by Huw Jones; Additional reportng by Steve Slater; Editing by Catherine Evans)