Identifying and Mitigating Cyber Threats to Financial SystemsSeptember 2019
Topics: Homeland Security, Next Generation Cyber Infrastructure, Cybersecurity, Network Security
When you think "critical infrastructure," you probably think of solid, physical things—highways, bridges, and power plants. And you'd be correct. But among the most crucial of the critical infrastructure sectors, or CI, is one that largely lives online: the financial services sector.
According to the Department of Homeland Security, CI "describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety."
Few would argue that how our economy works and our money flows—from paychecks, federal payments, and mortgages to the stock market, credit card charging, and beyond—fall in the "vital" category. And with repeated reports about attacks on financial institutions in the news, the topic could hardly be more relevant.
That's why, in 2018, DHS tapped MITRE to analyze the cyber threats that face this crucial segment of our daily lives. The work was part of the Next Generation Cyber Infrastructure (NGCI) Apex Program, an element of a select group of DHS Apex Programs. Each of the seven Apex Programs is designed to "look strategically at the nation’s security and address future challenges while continuing to support today’s operational needs."
Why MITRE? There are several reasons. “MITRE’s cyber expertise, ability to convene key financial sector stakeholders, and previous work in systemic risk analysis for the Department of Treasury combined to give us a unique capability to do this analysis,” says Linda Koppier, a MITRE group lead and NGCI project lead.
Finding Common Ground Against Cyber Threats
MITRE, the operator of the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) federally funded research and development center, joined forces with DHS's Science & Technology directorate to produce a set of detailed technical documents aimed at shoring up the cybersecurity of the financial services sector.
The HSSEDI project team developed a suite of cybersecurity artifacts, including threat models identifying attacker methods (using MITRE’s widely adopted ATT&CK™ and CAPEC™ knowledge bases). The work ranges from the level of a single financial institution up to a systems-of-systems view, including a mapping of the financial system as a whole.
The publications also include a corresponding cyber wargaming framework linking technical and business views.
Taken collectively, the documents help support NGCI Apex use cases and provide a common frame of reference for community interaction, which supplements institution-specific threat models.
“The integrated suite of threat models MITRE created and tailored to the financial sector helps eliminate potential gaps and ensure consistency in activities from high-level planning of investments to detailed cybersecurity engineering," says Catherine McCollum, a cybersecurity chief engineer and project task leader.
"Building on these threat models to tie attacker objectives to business impacts enables development of effective cyberattack scenarios for financial sector wargaming and playbooks. Our expertise in cybersecurity threat analysis, cyber risk management, and critical infrastructure domains allowed us to bring all these threads together.”
Read the suite of NGCI Apex publications about the financial services sector.
—by Alison Stern-Dunyak
Explore more at MITRE Focal Point: Homeland Security.