Cyber Risk and Resilience: Strategies, Policies and Frameworks for Central Banks

Cyber Risk and Resilience: Strategies, Policies and Frameworks for Central Banks

Cyber Risk and Resilience: Strategies, Policies and Frameworks for Central Banks

Course Chair: Chris Gale, former Senior Vice President, Federal Reserve Bank of Boston  

Tuesday - 21 May 2019

Central Banking Cyber Landscape in 2019

Cyber resilience: current challenges and advancements



  • Evolution of forces, trends and dynamics shaping the digital landscape in 2019
  • Unavoidable risks, critical challenges and emerging opportunities of disruptive technological innovation
  • Key features of effective cyber resilience frameworks, measures and strategies
  • New roles and responsibilities of central banks, regulators and supervisors

Making the most of Cloud: capacity vs security



  • The state of the art of cloud computing
  • Overview of the technological foundations and building blocks
  • Examples of uses and applications in the central banking and supervisory environment
  • Tips for effective management of limitations and potential legal and security risks

What are the most significant cyber risks in 2019? (And which ones should you really worry about?)



  • Overview of local and systemic implications of different types of cyber risk
  • Impact on financial, operational and regulatory frameworks
  • Examples of successful as well as prevented cyber attacks
  • Discussion: what risks do the cyber experts need to focus on as a priority?

Wednesday - 22 May 2019

Resilience in Action: Cross-sectoral Case Studies

Designing a pan-European cyber framework: the TIBER-EU case study



  • Motivations and objectives behind the Threat Intelligence-based Ethical Red Teaming (TIBER-EU) Framework
  • Overview of the three-phase process for an end to end test
  • Key stakeholders involved in the adoption and implementation of TIBER-EU tests
  • Coordination of the pan-European framework with national and jurisdictional initiatives

Cross-industry guidance: strengthening resilience of digitalised financial ecosystems


  • Overview of key risks for infrastructures based on computer systems and digital information
  • Examples of intelligence-led exercises against critical financial systems
  • The role of cooperation and coordination between the regulator and the regulated
  • Case study: design and implementation of the Central Bank of Ireland’s initiative

Workshop: detection, investigation and prevention of DDOS attacks



  • Key features of Distributed Denial of Services (DDoS) attacks
  • Implications for the work of central bankers, regulators and supervisors
  • Applications of advanced technology in identification on DDoS attacks
  • Hands-on exercises: detection of anomalies in cyber networks

Workshop: dealing with weaponization of AI and machine learning



  • The state of the art of Artificial Intelligence and Machine Learning
  • Overview of the uses and applications in the cyber landscape
  • Examples of AI and Machine Leaning based cyber attacks
  • Examples of AI and Machine Learning based defence measures

What are the cyber security implications of digital money?



  • Differences and overlaps between digital money and crypto assets
  • Examples of frameworks helping to monitor and assess the wider impact on the financial system
  • Implications for the work of cyber experts in central banks and regulatory and supervisory authorities
  • Discussion: Should central banks issue their own digital money?

Thursday - 23 May 2019

Resourcing, Governance and Performance

Workshop: budgeting, strategy and performance management



  • Overview of “traditional” resourcing for cyber and related risks
  • Managing needs of competing departments to develop an across-the-bank view
  • Generating buy-in from leadership groups and the board
  • Hands on exercise: performance review of a central bank’s cyber strategy and budget

Attracting, retaining and incentivising technology talent



  • Overview of the staffing needs of the technology function, now and in the future
  • Local labour pool: how to maximise the potential
  • How to bring flexibility to hiring, contracts and working practices
  • Hands on exercise: review and critiquing of remuneration and incentivisation schemes

Good practice cyber governance: an expert view



  • Challenges for the board in cyber risk management: balancing competing demands
  • Key components of the risk management framework for cyber security
  • Examples of security awareness strategies and new developments in 2019
  • Accountability in enforcing security awareness strategies

Friday - 24 May 2019

New Opportunities and Key Risks for 2020

What is the true capability of DLT, Big Data analytics and Machine Learning in cyber resilience?


  • Overview of current approach to cyber resilience: scope and limitations
  • Practical examples of disruptive technologies adding to cyber resilience
  • Tips for trialling technologies and integrating them with existing defences
  • Hands on exercise: evaluating security strategies and resiliency measures implemented in central banks

Will a cyber-attack cause the next financial crisis?



  • Causes of previous crises: what can be learned from the past
  • Overview of today’s financial system and discussion of potential weak points
  • Examples of cyber-attacks and their impact on financial systems
  • Hands on exercise: drafting business resilience plan for central bank and its financial system

Delegate action points and course conclusion



  • Summary of the sessions’ content and key takeaways
  • Discussion of the observed trends and case studies
  • Application of learning points in the delegates’ home organisations
  • Preparation of action points