Cyber Security and the National Central Banks

F. Cecchi Banca d'Italia

Servizio Innovazione e sviluppo informatico

Divisione Architettura, infrastrutture e sicurezza

Cyber Security and the National Central Banks

CPEXPO Community Protection

Genova, October 30th 2013

AGENDA

1. Introduction

2. The Cyber Threat from a National Central Bank Perspective

3. The Cyber Crime Economy

4. Trend prediction

5. The Central Bank Response

6. Conclusion

1. INTRODUCTION

Changes in IT 1/2

• “Anytime, anywhere, any platform” access to systems

• Open source platforms adopted in order to improve access to “best of breed” technology

• “Time-to-market”: pressure for new systems/applications

• Knowledge workers, big data and business intelligence

• Social media

1. INTRODUCTION

Challenges for central banks

• Increasing complexity in IT systems → larger attack surface

• IT systems integrating different business lines → interdependences increase

• External counterparties and service providers involved in business processes → appropriate trust model

1. INTRODUCTION

Issues to be tackled by security experts 1/2

• Can IT continue to meet the needs of the business while maintaining an appropriate security level?

– Not only preventive countermeasures: reactive controls

• Are IT services and infrastructure protected from Cyber Threat?

– The new threats must be assessed against Confidentiality, Integrity and Availability criteria, bearing in mind the countermeasures in place

• Are the business lines aware of the new Cyber Threat risks?

– Mitigation of perceived risks only

1. INTRODUCTION

Issues to be tackled by security experts 2/2

• Is the trust model still valid?

– “Security control” of counterparties and information services

• Are all information flows under control?

– “Control” of the unstructured flow (e.g. Social Media)

• Do we spend too much or too little for the security of the information?

– Return on Security Investment (e.g. ROSI approach)

• What is the information I “do not know”?

– We must be aware that countering Cyber Crime requires effort in gathering relevant information

2. THE CYBER THREAT FROM A NATIONAL CENTRAL BANK PERSPECTIVE

The attackers

• Who are the attackers?

• What are their motivations?

• What are their goals?

• What methods do they use?

2. THE CYBER THREAT FROM A NATIONAL CENTRAL BANK PERSPECTIVE

The motivations

| Attackers | Motivations |
|---|---|
| 1. Hacktivists | Anti-globalization, anti-capitalism |
| 2. Terrorists | Ideology, political change, power, money |
| 3. Politically motivated | Geo-political reasons, financial benefits |
| 4. Criminal organizations | Money, retaliation |
| 5. Employees | Retaliation, personal gain, coercion |
| 6. Occasional Hackers | Reputation, curiosity |

2. THE CYBER THREAT FROM A NATIONAL CENTRAL BANK PERSPECTIVE

The goals and methods

| Goal of the Cyber Attack | Method of the Cyber Attack |
|---|---|
| 1. Web site defacement | Web applications attacks |
| 2. DoS / DDoS | Botnets |
| 3. Information theft | Advanced Persistent Threats (APT), Malware, Hacking, Social Engineering |
| 4. Information leakage | WikiLeaks, Social Media, Forum, Web Sites |
| 5. Sabotage | Disabling / Bypassing security systems |
| 6. Intrusion | Social Engineering, Malware, APT |
| 7. Fraud | Social Engineering, Hacking, Malware |
| 8. Corruption | Unreliable internal employees |
| 9. Other illegal activities | Abuse of resources |

3. THE CYBER CRIME ECONOMY

• Cyber Crime: hidden economy in good health and little affected by increased sensitivity to security:

– $ 114 billion direct costs (Symantec, 2011)

– $ 110 billion direct costs (Symantec, 2012)

• Human Resources (hackers for hire)

• Crime-as-a-service

– “eBay”-style procurement of Cyber Attack services (viruses, keyloggers, etc.)

– Electronic payments on the “BitCoin” model

– On-demand Cyber Attacks

• Goods

| Ware | Price (USD) |
|---|---|
| Malware (source code) | $100 – $100,000 |
| “Exploit pack” (e.g. ZEUS) | $150 – $2,200 |
| Malware installation | $6 – $150 (1,000 installations) |
| Zero day exploit | $100,000 – $5,000,000 |

4. TREND PREDICTION

• More data leakages

• More politically motivated operations

• More professional malware (also on mobile devices)

• More tailor-made exploit code and attacks

• Less time for all of us to react

5. THE CENTRAL BANK RESPONSE – 1/3

• Cyber Risk Governance

– The management of Cyber Risk has been included in the operational risk management framework (ORM)

– Cyber Risks have often been included in the corporate risk management framework (ERM)

– The governance of Cyber Risk has been changing in order to speed up the processes of decision making and incident management

• Risk Management

– A gap analysis is in progress regarding the systems potentially vulnerable to an attack and the existing controls at business and IT level

– The current trust model toward external counterparties is under assessment

– Personnel involved in critical operations or dealing with sensitive information are subject to specific screening

5. THE CENTRAL BANK RESPONSE – 2/3

• Business Continuity

– The procedures to assess the extent of damage caused by an attack are sped up

– The possibility of carrying on business operations even with IT systems under attack is considered

– Communication processes are defined to re-establish an appropriate level of trust internally and with external counterparties

• Awareness

– Increase of Information Security training programs

– The Central Bank senior management and the risk Committees are regularly informed about the risk situation

– Increase of testing of Cyber Attack response plans

5. THE CENTRAL BANK RESPONSE – 3/3

• Strengthening of security measures for critical applications and systems

– Connections to un-trusted networks are limited

– Privileged access to applications, data, operations is minimized

• Reference to best practices issued by international organizations in the industry and / or government

– Adoption of Cyber Resilience models issued by WEF, ISF, OECD is under evaluation

6. CONCLUSION

• The risk associated with Cyber Threat is not just an IT problem → responses should be coordinated with the other security teams (physical security, business continuity)

• The complexity of attacks increases → detection is increasingly linked to the recognition of abnormal behaviour

• Cyber Attacks will tend to target the weakest link in the chain (e.g. social engineering)

• The identity management and authentication functions must be strengthened

• Information sharing and collaboration of like-minded institutions are becoming increasingly important
