One of the world’s largest cyber wargames is, for the first time, specifically exploring how banks and other financial institutions might respond to a widespread physical and cyber conflict.
The North Atlantic Treaty Organization is running its annual Locked Shields exercise from April 13 to April 16 through its Estonia-based Cooperative Cyber Defence Centre of Excellence. The wargame includes scenarios exploring how widespread attacks on a fictional nation’s infrastructure might strike at activities critical to keeping the global financial system functioning, such as payments and settlement operations.
U.S. lawmakers and government officials have long worried about catastrophic risks to the financial services industry posed by cyberattacks, given the degree to which companies are connected to each other and every critical infrastructure sector. For instance, the Federal Reserve Bank of New York last June published research showing that a cyberattack affecting any of the top five U.S. banks would on average likely impair over a third of the U.S. payments network.
The Bank for International Settlements, NatWest Group PLC, Mastercard Inc., the Financial Services Information Sharing and Analysis Center, and the Swiss Computer Emergency Readiness Team, Switch-Cert, took part in planning the Locked Shields scenarios.
NATO approached Mastercard early on to assist with planning, said Ron Green, the company’s chief information security officer, in part because its European cyber resilience center is located close to the military alliance’s headquarters in Belgium.
NATO has held Locked Shields since 2010, usually as live exercises in Tallinn, Estonia. Due to the pandemic, the wargame is being held remotely, a format making this year’s drill the largest global exercise of its kind, according to NATO. That is helping test how companies might respond more realistically, Mr. Green said.
“When you think about it, when you do it for real, it won’t be that way, we’ll all be dispersed and reacting from within our company to the events as they unfold,” Mr. Green said.
His interest in participating in Locked Shields was piqued, he said, by its specific financial-services component, and the fact that it isn’t simply a tabletop exercise in which executives effectively role-play out a scenario. Instead, the simulation is what NATO calls a “live-fire exercise” involving actual attacks against systems set up for the drill and cybersecurity specialists defending against them.
“There’s a technology component where the participants protect an actual thing and then aggressors attack it. And then, collectively, all of the participants respond to the way that the aggressors are acting,” Mr. Green said.
Wargames typically set offensive and defensive teams, known as red and blue teams, against each other during rounds of play, with a white team of referees deciding the effects of maneuvers and inserting new scenarios into the game.
Similar exercises such as the Securities Industry and Financial Markets Association’s biannual Quantum Dawn events have also focused specifically on financial services. What sets Locked Shields apart is the scale of the exercise and the scope of the simulation, said Teresa Walsh, global head of intelligence at FS-ISAC, a cybersecurity consortium of nearly 7,000 financial companies.
In addition to scenarios involving the financial sector, Locked Shields participants must also react to wider events happening at the same time.
“This is more than 2,000 participants from 30 nations, so it’s a great way to get our own multinational membership involved and talk about how we would react to these types of situations,” Ms. Walsh said.
She declined to provide specifics about scenarios involving the financial sector, but the overall simulation looks at how hostile physical and cyber events in the fictional country of Berylia would affect certain interconnected industries.
“We have been doing these exercises for a while, but for me, doing it after the [coronavirus] pandemic, it shows you how physical and cyber and everything else can just collide,” Ms. Walsh said.
Exercises such as Locked Shields aren’t just useful for testing processes and playbooks, Mr. Green said, noting they also forge bonds between staff at different organizations and companies. While organizations such as FS-ISAC exist to share information on threats, working relationships with other professionals would help during extreme situations, he said.
“In case something actually does happen, these operators know the guys at the other organization because they’ve done something together, and it won’t be the first time that they’ve talked,” he said.
Write to James Rundle at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
