The Bank of England is frequently faced with cyber threats as hackers probe for vulnerabilities in the central bank’s computer systems.
The revelation was made in a response by the U.K. central bank to a Freedom of Information request by Bloomberg News. The BOE declined to release data about the number of times it’s been attacked and its spending on external cyber-security companies, citing an exemption from requirements linked to the prevention of crime.
“The bank faces advanced, persistent and evolving cyber threats from a variety of sources which call for extreme vigilance,” it said in a January letter. On March 3, the Information Commissioner’s Office, which handles Freedom of Information appeals, said it accepted the bank’s reasons for not releasing data and dismissed Bloomberg’s claim. A BOE spokeswoman declined to comment further.
U.K. national institutions operate under the constant threat of having their systems breached by teenagers, criminal gangs, terrorists or foreign spies. Chancellor of the Exchequer George Osborne has pledged to double spending on hacking defenses and develop an offensive cyber capability so the country can carry out its own operations against terrorists and rogue states.
Within the financial industry, cyber attacks have led to millions of customer records falling into the hands of criminals, with JPMorgan Chase & Co. and HSBC Holdings Plc both having their systems breached in 2014.
The BOE has highlighted such attacks as one of the main risks to financial stability, and made improving resilience a priority, including a program ofvtests to find weaknesses in the systems of large firms. It said last year that banks and investment companies aren’t spending enough on computer security.
Bangladesh central bank governor Atiur Rahman resigned on Tuesday after hackers breached the bank's systems and stole about $101 million from the country's foreign reserves. Before standing down Rahman said the attack left him “puzzled.” The money, some of which has been recovered, was transferred to accounts in the Philippines.
The BOE said it was not able to confirm or deny whether it held information about the number of serious breaches of its own systems because any information might be used to help a hacker.
“The challenge for the Bank of England is to raise the issue of cyber security without creating panic and undermining its own credibility,” said Alex Mendez, joint founder of Remora, a London-based computer security firm. “They may feel if people understand the scale and frequency of attacks against the bank, it would undermine confidence in the financial system and impact stability.”
In its letter, the BOE said that external surveillance “goes on all the time with every small detail potentially adding up (through existing and/or prospectively available information) to a complete picture for potential attackers.”
A successful hack “could have substantial, adverse economic repercussions for the bank, the U.K. financial system and economy and critical global financial infrastructure,” it said.
“The likelihood of an attack is high and the impact of a significant breach is substantial.”