Recently, the Financial Services Information Sharing and
Analysis Center (FS-ISAC) announced
the launch of the CERES (CEntral banks, REgulators and Supervisory
entities) Forum. The inaugural global community will bring together financial
regulators, central banks and supervisors to combat cyber and physical crime,
enhancing financial sector resiliency.
Established in 1999, the FS-ISAC is a non-profit, member-driven
organisation which aims to help assure the resilience and continuity of the
global financial services infrastructure and individual firms against acts that
could significantly impact the sector’s ability to provide services critical to
the orderly function of the global economy. Funded by its 7,000 member firms
headquartered in 44 countries with users in 72 countries, FS-ISAC shares threat
and vulnerability information, conducts coordinated contingency planning
exercises, manages rapid response communications for both cyber and physical
events, conducts education and training programs and fosters collaborations
with and among other key sectors and government agencies.
As such, FS-ISAC launched the CERES Forum which is a new
information sharing group for central banks, regulators and supervisors to
share information impacting global security and resiliency. It is the first
such global platform bringing together these entities to guard against
ever-growing cyber and physical threats and to meet their unique needs.
“Cyberthreats have
become increasingly frequent, complex and sophisticated,” said Bill Nelson,
President and CEO of FS-ISAC.
“The sharing of information and best practices among
authorities in a timely way to address the rapidly evolving threats is critical.
Today, there is no dedicated forum or system for regulators, central banks and
supervisors to share information on cyber and physical threats. The CERES Forum
will bridge that gap with a platform that facilitates secure sharing of
information about threats, vulnerabilities and incidences to stay ahead of
crime,” he added.
This CERES Forum will:
(1)
Provide a trusted means for central banks,
regulators and supervisors to share best practices related to regulatory and
compliance controls;
(2)
Gather useful feedback about most effective
controls; and
(3)
Distribute rapidly information on cyberthreats,
vulnerabilities, incidents and other threat intelligence that could impact
financial services, including attacks that target central banks, regulators and
supervisors themselves.
According to the press release, the impact of cyberattacks
including the 2017 WannaCry, data breaches and account takeover attacks
leveraging global payments systems against central banks and regulators
demonstrate that security is a global concern. The CERES Forum will help these
entities be more effective in defending against attacks that could impact the
global financial services sector and the world’s economies.
Separate from the FS-ISAC community of banks, credit unions,
insurance companies, investment companies and other financial institutions, the
CERES Forum provides a trusted means for central banks, regulators and
supervisors to share best practices. A new standalone secure portal and
processes will also help to ensure FS-ISAC member confidentiality.
While employees working in operations from over three dozen
central banks, regulators and supervisory entities are already members of
FS-ISAC, this is the first time a community is being created to focus on the
needs of supervisory and regulatory employees.
FS-ISAC noted the effort and contribution of Monetary Authority of
Singapore (MAS) in conceptualising the CERES Forum, saying that the
Singapore agency has “played a key role” in the formation of the Forum.
“There is a pressing need to enhance
situational awareness of cyber threats. The CERES Forum will help us do this.”
said Mr Tan Yeow Seng, Chief Cyber Security Officer and Executive
Director (Technology Risk and Payments), MAS.
“This initiative is timely following the
recent decision by ASEAN Finance Ministers and Central Bank Governors to
facilitate information sharing on cyber threats and incidents in the region.
The CERES Forum complements on-going efforts by MAS and financial institutions
in Singapore to strengthen cyber resilience in our financial sector. We look
forward to working with fellow central banks and financial regulators on this
project,” Mr Tan added.
Previously, the MAS also collaborated with FS-ISAC to
establish an Asia
Pacific Regional Intelligence and Analysis Centre to encourage
sharing and analysis of cybersecurity information between financial
institutions in the region.
The establishment of the Centre will strengthen the
APAC cybersecurity ecosystem by providing deeper capabilities in cyber
intelligence gathering and analysis for enhanced in-region intelligence
support. The Centre will employ local analysts who will monitor cyber threats
to member financial institutions in the region and provide analysis as well as
recommend courses of action to mitigate those threats.