NORTHFIELD, Vt. – Norwich University Applied Research Institutes (NUARI) facilitated a cyber resiliency response exercise in South Africa with 16 institutions integral to the effective operating of the South African financial markets on Sept. 12, 2016. The event underscored the adaptability of the DECIDE-FS software simulation, making this the third continent upon which the exercise platform has been utilized.
The daylong exercise on Sept. 12 followed three prior successful cyber resiliency exercises conducted with American financial institutions in 2015, 2013 and 2011, and one exercise held with banks in Singapore in 2015.
The only simulation platform of its kind, DECIDE-FS® was initially designed to test U.S. financial sector cybersecurity, and has been recently re-architected for use in other critical infrastructure arenas, such as utilities and communications. The software’s built-in assessment system measures company response protocols in the face of business disruptions such as cyber-attacks.
As part of an initiative to assess the efficacy of cyber resilience within their market, the Sept. 12 exercise was organized by Strate (Pty) Limited, the South African central depository, which partnered with NUARI, a global leader in cyber resiliency and preparedness.
“NUARI helps prepare individuals and institutions to respond to a variety of potentially catastrophic incidents which could disrupt your business model” says Dale Connock, Head of Risk, at Strate. “We take our role in the market extremely seriously. The threat we are all facing requires heightened levels of cooperation, which is why we invited market participants to this critical event. ”
The exercises for Strate were customized to simulate specific South African securities settlement and market operating conditions, and focussed primarily on the human component of cyber resilience.
The exercises focussed on two different scenarios: a distributed denial of service (DDoS) attack against market critical infrastructure, and an attack on data integrity in which cyber thieves modify select data in the capital markets transaction stream, resulting in significant disruption to automated system processes and, ultimately, the wider market.
The recently published “Guidance on cyber resilience for financial market infrastructures” calls for FMIs to demonstrate by 2017 that they could recover from a major cyberattack within two hours. It also calls for regular testing of systems.
Cyber-attacks against the financial system are frequent, sophisticated and widespread. There are myriad ways in which possible vulnerabilities could be exploited, and the development and implementation of an adaptive cyber resilience framework is essential.
NUARI built the system, called Distributed Environment for Decision-Making Exercises – Financial Sector (DECIDE – FS®), under a $9.9 million contract awarded in August 2013 by the Cyber Security Division of the Department of Homeland Security Science and Technology Directorate.
U.S. Senator Patrick Leahy (D-Vt.), a member of the Senate’s Appropriations Committee and of its Defense Subcommittee, sponsored legislation that chartered NUARI in 2002 and announced the DECIDE – FS® contract at Norwich’s Northfield campus in 2013.
“Cyber-attacks on our personal and financial and security systems are increasingly pervasive and damaging. Norwich University has done important and outstanding work in training future leaders and in helping to defend our nation’s critical infrastructure from cyber-attacks,” said Leahy. “I am proud that this respected Vermont institution contributes to our readiness to deal with this pressing national security challenge.”
“The DECIDE- FS® platform is the only system that allows industries to test their organization’s response and understand systemic risk using engaging scenarios without compromising privacy,” said NUARI President Phil Susmann. “Experience is the best teacher. These exercises provide realistic training with measurable results and encourage information sharing, cooperation and coordination to work through the disruption. Operational incidents, caused by cyber-attacks should be planned for and building resiliency within critical infrastructures is paramount, not optional.”
DECIDE-FS® replaces traditional tabletop exercises with a business simulation customized to individual business models, information technology topology, and organizational dependencies. Built on top of a financial markets simulation, business leaders are stressed with cyber threats that affect the markets – price, volume, latency, and utilities as well as how each organization is structured in terms of business model, value chains, and dependencies.
Through the simulation, individuals and organizations learn to operate under conditions that simulate reality—similar to how simulators are employed to assist in the training of pilots and mariners to be prepared for and handle emergencies.
NUARI has collaborated with the Department of Homeland Security for nearly a decade, preparing individuals and institutions to respond to catastrophic network failures, natural disasters, cyber attacks and other events that can impact market activity, communications, and essential services affecting critical infrastructures. DECIDE-FS®, created at NUARI, is a large-scale, multi-participant simulation that effectively immerses industry decision makers, securities traders, IT and business continuity managers and others into complex, simulated scenarios focused on the effects of cyber incidents and other business disruptions.
For business inquiries, please contact NUARI at 802-485-2213.
As the South African Central Securities Depository, Strate is licensed to be an independent provider of post-trade products and services for the financial markets. Strate is internationally recognized as a Financial Market Infrastructure that is trusted to use its state-of-the-art technology, international expertise and sound risk management framework to support and promote the safety and efficiency of the financial markets. Strate provides electronic settlement of equities and bonds transactions concluded on the Johannesburg Stock Exchange. It also settles transactions in money market securities and has recently introduced a collateral management service. Strate offers an asset servicing product range which augments the services it offers to issuers in terms of the Companies Act No. 71 of 2008 and the Financial Markets Act No. 19 of 2012. For more, please visit: http://www.strate.co.za/
Norwich University Applied Research Institutes (NUARI) was federally chartered under legislation sponsored by Sen. Patrick Leahy in 2002 and is funded in part through the Department of Homeland Security and the Department of Defense. NUARI has a national center to address cyber incident management challenges through research, training programs and technology development and has been a global leader for more than a decade in developing cyber war gaming, distributed learning technology, distributed simulation technology, critical infrastructure exercises, and cyber security curriculum.
DECIDE-FS® exercises serve to strengthen the resilience of the nation’s critical infrastructures in the face of cyber-attacks from nation-states and trans-national actors.