Global finance firms take part in NATO cyber attack simulation

Global financial services businesses are taking part in an annual NATO cyber security exercise which tests the resilience of critical national infrastructures.

A total of 29 financial services organisations, including Barclays, Santander and Mastercard, have been brought together by the not-for-profit member organisation, the Financial Services Information Sharing and Analysis Center (FS-ISAC) to participate in the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), known as Locked Shields.

Locked Shields is an annual live-fire exercise that generates cyber attacks on a fictional country to test the cyber defences of critical infrastructures including the global finance system, as well as energy, telecommunications and shipping.

According to the FS-ISAC, it “designed the 2023 financial sector scenario in the strategic exercise, which simulates real-life payments system outages by a central bank and the cascading impacts on the financial system.”

It added that the scenario is based on similar but far less severe outages experienced over the past several years. The three-day event ends on 21 April.

“Exercises like Locked Shields strengthen the resilience of the global financial sector and encourage collaboration and coordination across all critical infrastructure and public sectors,” said Steven Silberstein, CEO at FS-ISAC.

“Our participation will allow us to crowdsource exercise responses from our global membership to assess and mitigate threats as the scenario unfolds, building the muscle memory our members and the overarching sector can rely on when faced with real-time cyber warfare.”

Mart Noorma, director of the CCDCOE, said the organisation identified the urgent need for the financial sector to join nation states in preparing to defend against current cyber security threats. “FS-ISAC’s insights into the challenges facing the global financial system inform realistic exercise development, and we appreciate their continued support and involvement as we strive to protect global critical infrastructure from future cyber incidents,” he said.

Locked Shields includes more than 2,600 participants from 38 countries, with more than 5,500 virtualised systems subject to upwards of 8,000 attacks. According to FS-ISAC, as well as having to secure complex IT systems, “participating teams must be effective in reporting incidents, strategic decision-making, and solving forensic, legal, media, and information operations challenges.”

Ron Green, chief information security officer at participating company Mastercard, said: “Partnerships built on strong collaboration and information-sharing are essential when responding to a cyber incident. It truly takes a network to defend our networks.

“Through Locked Shields – and exercises like it – we have the chance to put our response plans into action and actively work together to defend our sector,” he added.

Cameron Dicker, global head of business resilience at FS-ISAC, said: “Cross-border communication channels between and across the private and public sectors are critical to responding to incidents efficiently, with minimal disruption to customers and citizens. This is the key value of exercises like Locked Shields; they help us build both the means and the trust necessary to act quickly in a crisis.”

Leave a Reply

Your email address will not be published. Required fields are marked *