Bank of England mimics cybercriminals to test security

The Bank of England is testing lenders' defenses against cyber-attacks by mimicking hackers' own techniques as online criminals grow more sophisticated.

The BOE will "bring together the best available threat intelligence from government and elsewhere" to improve information sharing and cyber-attack testing, Andrew Gracie, the central bank's executive director for bank resolution, said in a speech to the British Bankers' Association in London today.

"The results should provide a direct readout on a firm's capability to withstand cyber-attacks that on the basis of current intelligence have the most potential" to damage financial stability, Gracie said.

The BOE released findings in February from a cybercrime exercise called Waking Shark II, which tested the resilience of 14 banks to attack from a hostile state. The test revealed "major challenges, particularly in relation to payments issues," at some firms, the central bank said. The report didn't name the vulnerable firms.

The current program started in May. While banks won't be forced to participate, the BOE expects "significant" participation, Gracie said.

"It is clear that the risk is on the rise and a growing cause of concern to industry and authorities alike," he said.

To contact the reporter on this story: Ben Moshinsky in London at bmoshinskybloomberg.net To contact the editors responsible for this story: Anthony Aarons at aaaronsbloomberg.net Heather Smith