1. H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY
INNOV-ACTS, Limited
H2020 FINSEC Project
The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727
Blockchain Sharing of Security Information for Critical Infrastructures of the Finance Sector
15/04/2020
2. Objectives
Topic: Financial Sector & Security Attacks
Goal:
▪ Learn about the challenges of the digitalization of financial institutions
▪ Identify the different types of security attacks relevant to the financial sector
▪ Understand why an integrated approach is needed
▪ Learn about pre-existing solutions
Topic: Collaborative Risk Assessment
Goal:
▪ Understand the different components of security threats
▪ Realize how to build a knowledge base
Topic: FINSEC Platform
Goal:
▪ Identify the different components of the security platform architecture
▪ Learn about the approach followed for the microservices architecture
3. Impact of Digitization in Finance
Financial Organisations
• increasingly digitizing their operations based on the deployment of advanced ICT, e.g., BigData, Artificial Intelligence (AI) and the Internet of Things (IoT)
• including critical infrastructures
Benefits
• boosts intelligence
• enables provocative operations
• optimizes resources
Drawbacks
• Vulnerability to security attacks: cybersecurity attacks + hybrid cybersecurity and physical security attacks (e.g., attacks against smart doors, networked cameras, locks and alarms)
4. Financial Sector & Security Attacks
5. Financial Infrastructures as Cyber Physical Systems
Physical dimension
• E.g., Automatic Teller Machines (ATM), IT data centers, network infrastructures
• Consequences for consumers and SMEs
Cyber dimension
• Loss of personal information, reputational damage, costly and unplanned downtimes in business operations
• Lack of confidence in the system
6. Implications of the dual nature
Today’s model where physical and cyber security are addressed separately has many limitations
• Physical (e.g., controlling access to plants, protecting financial and product records physically) and cyber (e.g., malware, Trojan horses, denial of service attacks) security concerns are considered in isolation
Need for integrated approaches that combine cybersecurity and physical security aspects
Integrated solution for the critical infrastructures of the financial sector
7. Solution Guidelines
Integrated modelling of the infrastructure
• Key to an integrated approach is a data model that captures both cyber and physical aspects of security
Integrated data processing and implementation of integrated security policies
• Key to a successful implementation of a system that combines cyber and physical security aspects is an integrated architecture
8. Types of Attacks
Attacks
• Attacks with only physical aspects
• Attacks with only cyber aspects
• Physical-enabled cyberattacks
• Cyber-enabled physical attacks
9. Pre-existing integrated solutions
Augmented vulnerability assessment methodology for physical security in the cyber domain, Vulnerability Assessment (VA), proven based on simulation and cost-benefit analysis
Integrated modelling approach for cyber-physical systems for power grids and critical infrastructures for energy
Integrated security methodologies based on various disciplines and techniques e.g., control theory, optimization, game theory
• Do not take a holistic data-driven approach
• Data-driven systems do not provide the non-functional properties (e.g., scalability, performance) needed for their deployment at scale
• Rarely address the special requirements of the financial sector: asset modelling, event correlation and regulatory compliance (e.g., MiFID, GDPR, PSD2)
10. Collaborative Risk Assessment
11. Collaborative Risk Assessment: Risk Calculation
▪ Metrics at different levels:
  ▪ Vulnerability level
  ▪ Impact level
  ▪ Threat level
▪ Vulnerability & impact levels:
  ▪ CVSS (Common Vulnerability Scoring System)
    ▪ Free and open industry standard for assessing the severity of computer system security vulnerabilities.
    ▪ Assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
  ▪ Derived from the CVSS scores of the assets’ vulnerabilities detected
▪ Threat level:
  ▪ Result of events occurring inside the organization and historical information
12. Services
▪ Initializing a risk calculation suite starts with the creation of a Service
▪ Services are stored in the FINSEC data-tier; hence, the communication with it is critical
▪ Data tier is protected using basic authentication
▪ Creation involves the asset selection as well as the vulnerability definition for each asset
▪ Leveraged by the introduction of a Security Knowledge Base
13. Threats
▪ Threats that may target the service
▪ List of events should be defined
▪ Events affect the level of the threat in real-time
▪ Threats are associated with the Service using the risk configuration object
▪ Threat objects must be stored in the Security Knowledge Base
14. Events
▪ Security officer needs to define event models and then map them to a predefined threat, e.g., “invalid login attempt” is related to a “SWIFT compromise threat”
▪ When a probe produces an instance of this model, the platform detects it and, if the trigger value is reached for this specific event, the overall risk of the related threat is re-calculated
15. Triggers: What triggers risk (re)calculation?
▪ Calculation can be triggered in three ways:
  ▪ Manually
  ▪ Vulnerabilities of the assets involved have changed
  ▪ Event Instances reach a specified threshold.
16. Risk calculations
▪ For the Service to function properly, certain preconditions need to apply
▪ These are the Service definition, the threat-to-event mapping, and the probe being up and running
▪ Probe produces a new event which is forwarded through the data collector to the FINSEC data-layer
▪ The Collaboration Service is connected to the data-layer and “listening” for event instances
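The event-to-threat mapping and the three recalculation triggers from the Events, Triggers and Risk calculations slides, as an added example (not FINSEC platform code). The class names, the 0-10 scales, the risk formula and the sample data are assumptions made for illustration; the slides do not give the platform's formula.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Threat:
    name: str
    impact: float        # impact level, 0-10 (assumed scale)
    level: float = 1.0   # threat level, 0-10, raised by events (assumed)
    risk: float = 0.0

@dataclass
class EventModel:
    name: str
    threat: str          # name of the threat this event model maps to
    trigger: int         # instances needed to trigger recalculation
    weight: float        # threat-level increase per trigger (assumed)
    count: int = 0

class RiskService:
    def __init__(self, asset_cvss, threats, models):
        self.asset_cvss = dict(asset_cvss)      # asset -> CVSS base scores
        self.threats = {t.name: t for t in threats}
        self.models = {m.name: m for m in models}

    def recalculate(self, threat_name):         # trigger 1: manual
        t = self.threats[threat_name]
        # Assumed formula: worst CVSS score per asset, averaged over assets,
        # multiplied by impact and threat level, normalised to 0-10.
        vuln = mean(max(s, default=0.0) for s in self.asset_cvss.values())
        t.risk = round(vuln * t.impact * t.level / 100, 2)
        return t.risk

    def update_vulnerabilities(self, asset, scores):  # trigger 2: vulns changed
        self.asset_cvss[asset] = list(scores)
        return {n: self.recalculate(n) for n in self.threats}

    def on_event(self, model_name):             # trigger 3: event threshold
        m = self.models.get(model_name)
        if m is None:
            return None                         # no threat mapping: ignored
        m.count += 1
        if m.count < m.trigger:
            return None                         # trigger value not reached
        m.count = 0
        t = self.threats[m.threat]
        t.level = min(10.0, t.level + m.weight)
        return self.recalculate(t.name)

def demo_service():                             # constructed sample data
    return RiskService(
        {"swift-gateway": [9.8, 5.3], "server-room-door": [6.0]},
        [Threat("SWIFT compromise", impact=8.0, level=2.0)],
        [EventModel("invalid login attempt", "SWIFT compromise", 3, 2.0)])
```

With the sample data, two "invalid login attempt" instances leave the risk unchanged and the third reaches the trigger value, raising the threat level and recalculating the risk of the mapped threat.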
17. Collaborative Risk Assessment Inputs/Outputs
18. Sample Risk Visualization in the FINSEC Dashboard
Vulnerabilities for the SWIFT service pilot, categorized by their domain (cyber/physical)