Business continuity is inherent in the financial services sector. Banks, for instance, are required not only to have a disaster recovery and business continuity plan but to ensure that systems and processes work as planned by conducting regulation simulations of disasters.
Given the connected nature of global economies and societies, it makes sense to conduct similar exercises at a global scale.
Between 13-16 April 2021, the NATO (North Atlantic Treaty Organization) organised the annual NATO Cyber Defence Centre of Excellence (CCDCOE) Exercise called Locked Shields.
Locked Shields is a complex international live-fire cyber defence exercise with nearly 2000 participants from 30 countries, with 5000 virtualized systems subject to more than 4000 attacks. In addition to securing complex IT systems, participating teams must also be effective in reporting incidents, strategic decision making and solving forensic, legal, media and information operations challenges.
Leading the financial services sector in the exercise is FS-ISAC (Financial Services Information Sharing and Analysis Center).
This year the exercise strategic track scenario includes a large-scale disruption across multiple aspects of the financial services sector. To do this, FS-ISAC convened a Scenario Expert Planning Group comprised of its members including the Bank for International Settlements (BIS) Cyber Resilience Coordination Centre (CRCC), Mastercard, NatWest Group, and SWITCH-CERT among others.
“Given the cross-border nature of today’s cyber threats, exercises like Locked Shields are critical tools in preparing the global financial services industry to better defend against increasingly sophisticated threat actors,” said Teresa Walsh, global head of intelligence of FS-ISAC.
She noted that to strengthen the financial sector’s resiliency, FS-ISAC has facilitated cyber exercises for more than ten years. This is a natural extension of our role in helping protect the global financial system.
A key focus of the exercise strategic track is the cyber dependencies of the financial services industry and how they relate to government and critical infrastructure. The exercise will also examine and account for the new realities brought about by the pandemic, such as the greater security vulnerabilities caused by accelerated digitization and remote work.
“Locked Shields continually strives to address the most pressing needs of our nations by emulating current challenges faced by leaders in the cyber domain. The exercise tests the ability of nations to address a massive cyberattack from internal government cooperation to what mechanisms can be used for coordination and information sharing with the private sector and international partners,” said Colonel Jaak Tarien, director of the CCDCOE, a NATO-affiliated cyber defence hub that has organised this Exercise every year since 2010.