The U.S. financial services industry’s largest cybersecurity consortium is leading cyberdefense simulations this week on behalf of the North Atlantic Treaty Organization in what it bills as “live-fire” exercises designed to emulate realistic cyber incidents.
The groups
The CCDCOE, which is based in Estonia, is also partnering with a number of entities besides FS-ISAC to run this year’s exercises, including Siemens, Microsoft, Fortinet and others in Estonia and Finland. The event is an opportunity for national, civilian and military IT operators to practice defending their systems and critical infrastructure from large-scale cyberattacks.
“Our Centre’s member nations have designated Locked Shields as the premier annual training event for their top-tier national cyberdefense teams,” said Col. Jaak Tarien, the director of CCDCOE.
The simulations help critical infrastructure operators build “muscle memory” as they practice tactical and strategic decision making, according to Teresa Walsh, global head of intelligence at FS-ISAC, which serves financial institutions in more than 70 countries and has its headquarters in Reston, Virginia.
Locked Shields also tests firms, governments and militaries on their ability to cooperate and quickly set up a chain of command in simulated crises that also emulate forensic and legal issues they would face during an actual cyberattack.
“Cooperation at this scale reflects the interdependencies of all critical infrastructure sectors and the public sector,” said Steven Silberstein, the chief executive of FS-ISAC. “Leading the financial sector scenario is a natural extension of our role in promoting information sharing and collective defense to strengthen the resiliency of the global financial system.”
FS-ISAC also partnered with firms including Mastercard and Santander to develop and inform the financial services sector scenario.
“In cybersecurity, you don’t want to invent something new in the middle of a crisis,” said Ron Green, chief security officer at Mastercard. “That’s the value of large-scale, cross-border exercises like Locked Shields. They give both the public and private sectors an opportunity to test, analyze and enhance our response capabilities in a real-world environment.”
Green said Locked Shields also provides an opportunity for participants “to see how collaboration and information sharing can help us to address cyber threats more efficiently,” adding, “Together, we are stronger.”
While the exercises cross sectors, financial services stands to benefit greatly.
“Out of the top ten worst-scoring decisions, five came from the financial services industry,” the report stated. “The lowest performing of these was how to respond after being double extorted following payment to a ransomware actor.”
As part of the report, Immersive Labs retained two psychologists, Rebecca McKeown and John Blythe, to offer perspectives on the findings. Among their top conclusions: “The more an organization exercises their abilities, the better they become,” McKeown and Blythe said.
The two said regular practice allows individuals to learn the fundamentals of incident response, reinforce the knowledge to ensure it does not fade, and to make connections between decisions in simulations and real-life incidents.
“A real crisis is not the time for learning,” the psychologists said. “This is a core tenet of cognitive agility.”
