FS-ISAC announced that 29 member financial firms from around the world to participate in the world’s largest live-fire cyber defense exercise, the annual NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) Exercise Locked Shields, which took place in mid-April.
Locked Shields involves a complex and cascading set of cyber attacks on a fictional country, with impacts ranging from military and government to critical infrastructure such as energy, telecommunications, shipping, and financial services.
FS-ISAC designed the 2023 financial sector scenario in the strategic exercise, which simulates real life payments system outages by a central bank and the cascading impacts on the financial system. The scenario is based on similar but far less severe outages experienced over the last several years at major central banks around the world.
Cyber threats to critical infrastructure systems, including financial systems, have become a reality of modern warfare, and Locked Shields has worked since 2010 to facilitate systematic, multi-sector, public-private cyber defense cooperation and coordination in anticipation of these threats from nation-states.
“Exercises like Locked Shields strengthen the resilience of the global financial sector and encourage collaboration and coordination across all critical infrastructure and public sectors,” said Steven Silberstein, CEO at FS-ISAC, in a statement. “Our participation will allow us to crowdsource exercise responses from our global membership to assess and mitigate threats as the scenario unfolds, building the muscle memory our members and the overarching sector can rely on when faced with real-time cyber warfare.”
“We identified the urgent need for the financial sector to partner alongside nation-states to prepare and exercise against the current threat landscape,” said Mart Noorma, director of the CCDCOE, a NATO-affiliated cyber defense hub, in a statement. “FS-ISAC’s insights into the challenges facing the global financial system inform realistic exercise development, and we appreciate their continued support and involvement as we strive to protect global critical infrastructure from future cyber incidents.”
Locked Shields is the largest and most complex international, live-fire cyber defense exercise in the world. It includes more than 2600 participants from 38 countries, with more than 5500 virtualized systems subject to more than 8000 attacks. In addition to securing complex IT systems, participating teams must also be effective in reporting incidents, strategic decision making, and solving forensic, legal, media, and information operations challenges.
Twenty-nine FS-ISAC member firms including Banco de Espana, Bank ABC, Banking and Payments Association Ireland, Barclays, CME Group, Mastercard, NLB, Nordic Financial CERT, Santander, and Union Bank and Trust participated in this year’s exercise.
“The threat landscape evolves so rapidly; the only way to stay ahead is to be prepared through constant exercising and collaboration,” said Cameron Dicker, global head of Business Resilience at FS-ISAC. “Cross-border communication channels between and across the private and public sectors are critical to responding to incidents efficiently, with minimal disruption to customers and citizens. This is the key value of exercises like Locked Shields; they help us build both the means and the trust necessary to act quickly in a crisis.”