The Bank of England has launched a new approach to testing for cybersecurity vulnerabilities in the financial industry, using intelligence on likely attackers to devise realistic attacks.
In a speech to the British Bankers’ Association Tuesday, Andrew Gracie, executive director for resolution at the Bank of England (BoE), formally launched a new framework to help identify areas where the financial sector could be vulnerable to a sophisticated cyber-attack.
The new framework, which is called CBEST, uses intelligence from government and commercial providers to identify potential attackers to a particular financial institution. It then replicates the techniques these potential attackers use in order to test the extent to which they may be successful in penetrating the defences of the institution. The BoE says that the inclusion of specific cyber threat intelligence “will ensure that the tests replicate, as closely as possible, the evolving threat landscape and therefore will remain relevant.”
This approach will alert firms to where they are vulnerable, and enable them to implement remediation plans. The central bank says that CBEST differs from other security testing that is currently undertaken by the financial services sector because it uses real threat intelligence and focuses on the more sophisticated and persistent attacks on critical systems and essential services.
“The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered in live tests, within a controlled testing environment. The results should provide a direct readout on a firm’s capability to withstand cyber-attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability,” Gracie said.
The BoE says that it worked with the Council for Registered Ethical Security Testers (CREST), a not-for-profit organisation that represents the technical information security industry, and Digital Shadows, a cyber-intelligence company, to develop new accreditation standards.
This new framework is part of the BoE’s response to a recommendation from the Financial Policy Committee (FPC) to test and improve resilience to cyber-attack. Back in June 2013, the FPC requested that the UK Treasury and the regulators work with the core of the UK financial system and its infrastructure to improve and test resilience to cyber-attack.
CBEST was launched to industry during an event hosted by the BoE on May 23. It was publicly launched Tuesday.