Bank of England seeks to further fortify financial industry against cyber attacks
11 Jun 2014
The Bank of England plans to ramp up defences of the financial industry against cyber attacks on Tuesday with the announcement of a new framework to identify and test possible weak points at lenders.
According to the bank, hacking represented a growing risk for the financial system, which handled money for millions of customers and companies in the UK.
The new framework called CBEST, would use information from government and vetted commercial sources to identify potential attackers, the bank said in a statement.
The framework then mimics techniques used by hackers to devise a test to see how a successful attack on a company might be and whether the bank had resilence to resist it.
"The results should provide a direct readout on a firm's capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability," Andrew Gracie, the BoE's executive director of resolution, said in a speech.
"Low-level attacks are now not isolated events but continuous. Unlike physical attacks that are localised, these attacks are international and know no boundaries," he told a meeting of the British Bankers' Association.
Gracie further said, the bank would ''bring together the best available threat intelligence from government and elsewhere'' to improve information sharing and cyber-attack testing.
In February, the BoE released results of a cybercrime exercise called Waking Shark II, which tested the resilience of 14 banks to attack from a hostile state.
According to the central bank, the test revealed ''major challenges, particularly in relation to payments issues,'' at some firms, according to the central bank.
The names of the vulnerable firms were not released.
While participation would not be forced on banks, the BoE expected ''significant'' participation, according to Gracie.
He said it was clear that the risk was on the rise and a growing cause for concern to industry and authorities alike.