By Huw Jones
LONDON (Reuters) - The Bank of England sought to bolster the financial industry's defenses against cyber attacks on Tuesday when it announced a new framework to spot and test possible weak points at lenders.
The Bank says hacking represents a growing risk for the financial system, which handles money for millions of customers and companies in Britain. Called CBEST, the new framework will use information from government and vetted commercial sources to identify potential attackers, the Bank said in a statement.
The framework then replicates the techniques used by hackers to devise a test to see how successful an attack on a company might be and whether it is resilient enough to resist it.
"The results should provide a direct readout on a firm’s capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability," Andrew Gracie, the BoE's executive director of resolution, said in a speech.
"Low-level attacks are now not isolated events but continuous. Unlike physical attacks that are localized, these attacks are international and know no boundaries," he told a meeting of the British Bankers' Association.
The Bank said the new framework differs from existing security testing at banks because it uses real threat intelligence and focuses on the more sophisticated and persistent attacks on critical systems and essential services.
The framework was set up last month but was not publicly announced until Tuesday. Participation is voluntary, but Gracie expects take-up to be significant.
"Cyber risk is not just for technology specialists," he said. "This is part of a broader issue of how organizations defend themselves against attack."
Cyber attacks have become a frequent threat as online banking proliferates, said Andrew Wingfield, a financial services lawyer at King & Wood Mallesons SJ Berwin.
"The UK's ability to deal with such attacks will determine how it is viewed globally in terms of investment and its position as a worldwide leader in financial services," Wingfield said.
The new testing framework was developed with UK cyber intelligence company Digital Shadows.
Cyber attacks have increased in recent years, with criminals, extortionists and hacktivists - politically motivated hackers - attempting to infiltrate systems or just disrupt operations, often through distributed denial of service attacks that bombard websites with traffic.
In December, state-backed Royal Bank of Scotland said its platform was briefly attacked by hackers, causing problems for customers trying to get access to their accounts.
One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services.
(Reporting by Huw Jones; Additional reportng by Steve Slater; Editing by Larry King)