Cyber Risk and Resilience: Strategies, Policies and Frameworks for Central Banks

Course Chair: Chris Gale, former Senior Vice President, Federal Reserve Bank of Boston  

Tuesday - 21 May 2019

Central Banking Cyber Landscape in 2019

Cyber resilience: current challenges and advancements

Led by the chair, Chris Gale

  • Evolution of forces, trends and dynamics shaping the digital landscape in 2019
  • Unavoidable risks, critical challenges and emerging opportunities of disruptive technological innovation
  • Key features of effective cyber resilience frameworks, measures and strategies
  • New roles and responsibilities of central banks, regulators and supervisors

Making the most of Cloud: capacity vs security

Jake Middleton, Vice President & Information Security Officer, Federal Reserve Bank of Chicago

  • The state of the art of cloud computing
  • Overview of the technological foundations and building blocks
  • Examples of uses and applications in the central banking and supervisory environment
  • Tips for effective management of limitations and potential legal and security risks

What are the most significant cyber risks in 2019? (And which ones should you really worry about?)

Panel discussion with Jake Middleton, Vice President & Information Security Officer, Federal Reserve Bank of Chicago; Tom Keating, Senior Adviser and Head of Operational Risk Policy Group, Central Bank of Ireland; and Chris Gale

  • Overview of local and systemic implications of different types of cyber risk
  • Impact on financial, operational and regulatory frameworks
  • Examples of successful as well as prevented cyber attacks
  • Discussion: what risks do the cyber experts need to focus on as a priority?

Wednesday - 22 May 2019

Resilience in Action: Cross-sectoral Case Studies

Testing, simulations and post-incident review: case-study analysis

Asif Mahmood, BCP Coordinator, and Shehzad Ali Sharif, Deputy Director BCP, State Bank of Pakistan

  • Case-study analysis of strategies and systems under stress-test simulations
  • How to identify gaps and failures for reporting and effective post-procedures
  • The roles and responsibilities of risk practitioners against cyber risks
  • Application and implementation of new tools against evolving disruptions 

Developing and implementing a strong governance model to ensure robustness

Claudio Pastori, Process Manager, Directorate General Information Systems, European Central Bank

  • Overview of the internal governance IT model in the European Central Bank (ECB)
  • Key features of the framework for effective service level management
  • Benefits and opportunities of establishing an end-to-end service management concept
  • Discussion: what are the common challenges of developing and implementing a new governance model?

Workshop: detection, investigation and recovery from cyber attacks

Kimmo Soramäki, Founder and CEO, Financial Network Analytics and founding Editor-in-Chief, Journal of Network Theory in Finance

  • Key features of Distributed Denial of Service (DDoS) attacks
  • Implications for the work of central bankers, regulators and supervisors
  • Applications of advanced technology in identification of DDoS attacks
  • Hands-on exercises: detection of anomalies in cyber networks

Workshop: dealing with weaponization of AI and machine learning

Graham Mann, Director, CyberSpace Defence Ltd.

  • The state of the art of Artificial Intelligence and Machine Learning
  • Overview of the uses and applications in the cyber landscape
  • Examples of AI and Machine Learning based cyber attacks
  • Examples of AI and Machine Learning based defence measures

Cross-industry guidance: strengthening resilience of digitalised financial ecosystems

Tom Keating, Senior Adviser and Head of Operational Risk Policy Group, Central Bank of Ireland

  • Overview of key risks for infrastructures based on computer systems and digital information
  • Examples of intelligence-led exercises against critical financial systems
  • The role of cooperation and coordination between the regulator and the regulated
  • Case study: design and implementation of the Central Bank of Ireland’s initiative

Thursday - 23 May 2019

Resourcing, Governance and Performance

Workshop: Central banks cyber security: risk resilience & crisis management

Led by the chair, Chris Gale

  • Interactive workshop assessing cyber security strategies against digital attacks
  • Measuring business impact analysis (BIA) of operational outage
  • Crisis management for disruptions to operational systems
  • Risk resiliency strategies and measures against digital interruptions 

What are the cyber security implications of digital money?

Klaus Löber, Senior Adviser, Market Infrastructure and Payments, European Central Bank

  • Differences and overlaps between digital money and crypto assets
  • Examples of frameworks helping to monitor and assess the wider impact on the financial system
  • Implications for the work of cyber experts in central banks and regulatory and supervisory authorities
  • Discussion: Should central banks issue their own digital money?

Good practice cyber governance: an expert view

Roland Wettstein, former Head of IT Banking Applications & Deputy Director, Swiss National Bank

  • Challenges for the board in cyber risk management: balancing competing demands
  • Key components of the risk management framework for cyber security
  • Examples of security awareness strategies and new developments in 2019
  • Accountability in enforcing security awareness strategies

Friday - 24 May 2019

New Opportunities and Key Risks for 2020

What is the true capability of DLT, Big Data analytics and Machine Learning in cyber resilience?

Panel discussion with Roland Wettstein, former Head of IT Banking Applications & Deputy Director, Swiss National Bank and Chris Gale, former Senior Vice President, Federal Reserve Bank of Boston  

  • Overview of current approach to cyber resilience: scope and limitations
  • Practical examples of disruptive technologies adding to cyber resilience
  • Tips for trialling technologies and integrating them with existing defences
  • Hands-on exercise: evaluating security strategies and resiliency measures implemented in central banks

Will a cyber-attack cause the next financial crisis?

Closing panel with speakers from FinTech and RegTech seminars

  • Causes of previous crises: what can be learned from the past
  • Overview of today’s financial system and discussion of potential weak points
  • Examples of cyber-attacks and their impact on financial systems
  • Hands-on exercise: drafting a business resilience plan for a central bank and its financial system

Delegate action points and course conclusion

Led by the chair, Chris Gale

  • Summary of the sessions’ content and key takeaways
  • Discussion of the observed trends and case studies
  • Application of learning points in the delegates’ home organisations
  • Preparation of action points