nybf 2014 - cyber threats

SWIFT Business Forum New York

1 SWIFT Business Forum New York - March 4, 2014

#BFNY

Cyber Threats The Battle Continues

March 04th 2014

Agenda

• Excerpts from Cyber Security Session at SIBOS 2013

– Internal Threats

– Security Spending

– Cyber Attacks

– Hack-tivism

– What keeps you up at night?

– Regulation

• What can SWIFT do?

– An innovative idea


Internal Threats

• Traditional practices still important

• Know your data

• Technologies to detect out of character activity

– Anticipate errors

– Spot patterns to detect

• Education

• Road test procedure

• Lock down

• Fast response & recovery is key

• There are no guarantees

• There's more to do


Security Spending

• Spending on security is growing

• Cycles of investment

– Prevention

– Detection

– Rapid response

– Recovery and business continuity

• Board level issue

• Attacks and solutions continuously evolve


AM Business Forum 2014 - Messaging Protocols 8

Cyber Attacks

• Attacks are growing

• More sophistication

• Intelligence sharing is key

• Softer targets are vulnerable

• Technology is fundamental

• Telecom providers are vital resources


Hack-tivism

• Not driven by profit

• Willing to take more risk

• Motivations are different

• Deeper pockets

• State-sponsored?


What Keeps You Up at Night

• There is always the next threat

• Not just protecting your own institution

• Interconnected world

• Need a playbook

• Exercise your defenses


Regulation

• Policies not prescriptive regulation

• Public Private Partnership

• Soft targets will be repeatedly attacked

• Collaboration beween regulators is vital

• Joint exercises – i.e. Quantum Dawn 2


Summary

• These events will occur

• How will we recover

• Think about issue in advance

• It is a risk issue, not an IT issue

• Have the intel

• Monitor

• Be able to respond & investigate


AM Business Forum 2014 - Messaging Protocols 18

SWIFT on Cyber Security

SWIFT CEO Gottfried Leibbrandt spoke at the European

Commission High Level Conference on Cyber-Security in

Brussels on February 28th

• The cyber threat is very real and persistent

• Cyber-attacks are getting ever more sophisticated, better

organised and funded

• Cyber concerns are not new for SWIFT

• The network meets the highest standards in terms of

confidentiality, integrity and availability

• As a global infrastructure, we would like to see:

– International coordination

– Standards

– Vibrant ecosystems of experts and providers


Using SWIFTNet Browse as a

contingency channel

Arnaud Boulnois: head of product

management Messaging.

[email protected]

March 04th 2014

21

SWIFTNet Browse can provide a

ready-to-use secure and reliable channel

for users to access web applications,

when the normal connectivity path is

unavailable.

SWIFT Business Forum New York - March 4, 2014

Normal service:

22

User Service

Provider

Web Server

www.webap1.bankABC.com

Web address:

www.webap1.bankABC.com

SWIFT is used to support STP flows:

- FileAct

- MT over the FIN platform

- iso20022 via IA S&F

Internet is used as the main channel to support web

based applications. They provide:

- manual data entry.

- consultation of statement and position

- manual upload / download of files.


For reasons that many service providers have

experienced, the internet channel can be

unavailable, and outages can last days…

Next slides explains how SWIFT solutions allow

the bank and its customers to continue to do

business in a secured environment


Solution for the Bank: be ready to manage

Browse service via SWIFTNet

24

webap1.bankABC.browse.swiftnet.sipn.swift.com

STEP 1

- Register as a SWIFTNet Browse service

provider

- Integrate the web application with SWIFT

“federated identity platform”, using SAML 2.0

technology

- Publish your service on swift.com

user Service

Provider

X


Solution for the bank’s customers: be ready

to reach the service via SWIFT

There will be 2 ways to reach the service:

Via the SWIFT private network (option 1).

Over Internet via SWIFT Internet Service Providers (option 2).

25

User Service

Provider

webapp1.bankABC.browse.swiftnet.sipn.swift.com

X

STEP 2:

- Have customers registered into the service

- Have one valid SWIFT certificate per user

(SWIFTNet certificate and 3skey later).

- Make sure connectivity is available.

Option 2:

Internet

Option 1:

Secured

private

network

Secured

private

network


Service key characteristics

• No emergency activation or provisioning

• Can also be used as primary channel

Service is available immediately

• Re-use existing SWIFTNet infrastructure

• Make sure you have the correct bandwidth

• Make the best use of your SWIFT spare capacity

Setup is easy

• Can reach via internet or SWIFT network

• Minimize loss of access to web application

Will also help your customers

• Shutting down one channel has less impact on the business.

Will make your operations easier


Service provider: setup and activation of the

service

Register as service

provider on Browse

(use SPF Form with

assistance of

SWIFT).

Wait for SWIFT to

provision the service

and create dedicated

www.swift.com

registration page for

service users.

Define connectivity

solution to make the

Web Server reachable

via SWIFTNet and

Integrate it with SWIFT

IDP.

Validate users

registrations

(same process as

MA-CUG registration

management).


Service user: activation process for

SWIFTNet users (option 1).

Have institution

registered into the

service (via

www.swift.com

dedicated page)

Get confirmation from

SWIFT that the bank

has accepted the

request.

Install security device,

webplatform, create

certificate, update DNS

and proxy settings.

Test and validate

connectivity.


http://www.swift.com/

SWIFT connection provides peace-of-mind

29

• Highly available connectivity "ready-to-use"

• Secure and reliable infrastructure - used by many

financial institutions and corporates worldwide

• Several connectivity options available (bandwidth,

resilience, etc)

• Corporate users can re-use their infrastructure

• Easy to integrate in your web server environment

• Strong user authentication by SWIFT

• Consultancy services available for smooth

implementation


Easy ordering and implementation steps

30

• No charges to corporate user

• Service provider pays yearly

fee to cover all traffic

(fixed fee per year to connect

a number of users)

• Use our consultancy services to

o analyse capacity (eg bandwidth)

requirements and upgrade if required

o integrate the solution in your web server

environment

• Define and setup the

service with SWIFT

(such as URL)

• Ask your corporate

users to subscribe


Q&A


32

Thank you


Please provide us with your feedback!

• Kindly complete the survey form and submit upon exiting


Beyond GDP: What is real wealth


John C. Havens

The H(app)athon Project

#BFNY

nybf 2014 - cyber threats

Economy & Finance