One of the key tools firms have for building resilience is exercises, which enable teams to build the muscle memory for incident response by practicing what to do in a wide variety of scenarios.
In 2022, FS-ISAC significantly expanded the breadth and scope of its exercises serving the sector, from coordinating the financial sector’s participation in the world’s largest live-fire cyber exercise to enabling more than 10,000 cyber practitioners at member firms to practice responding to plausible real-world scenarios.
FS-ISAC continues to support the global financial sector by providing a virtual team exercise for any group or team across organizations of all sizes. For the first time in 2022, CAPS provided 3 versions of its scenario to accommodate Securities and Investments, Insurance, and Banking. This allows a shared scenario to be provided amongst various industry segments to identify the implications of an incident across the entirety of the sector.
CAPS looks to improve the applicability of its scenarios to both Insurance and Securities and Investments for 2023 and will build on the progress it made for regional language promotion and support in 2022.
This year was our organisation’s first involvement in the CAPS 2022 exercise, and the feedback from participants was overwhelmingly positive. It highlighted the importance of cross-functional involvement across the wider business teams and demonstrated it is not just an information security challenge.
Held annually in April, Locked Shields is the world’s largest and most complex international live-fire cyber defense exercise. Led by NATO’s CCDCOE (Cooperative Cyber Defence Centre of Excellence), the exercise simulates a multi-faceted, multi-sector attack by one nation-state on its neighbor.
As a primary planning partner, FS-ISAC worked with member organizations and key sector partners to develop the financial sector elements for all levels of the exercise. Locked Shields is an important opportunity for FS-ISAC to promote information sharing across borders and between sectors, as well as enhance public-private partnerships and collective defense to strengthen the resiliency of the global financial system. FS-ISAC continues to support this initiative and is actively engaged in Locked Shields planning for 2023.
FS-ISAC supported and participated in this public-private exercise to understand the US financial sector’s policies, procedures, and general readiness to coordinate communications and messaging during a cybersecurity incident.
FS-ISAC’s Media Response Team was integral to the discussion on how FS-ISAC engages with its members and partners during an incident to assist with public messaging around sector health.
This discussion highlighted ways in which FS-ISAC and government partners can work more closely together prior to public messaging to increase alignment in communication and anticipate questions from the press.
As part of its continuing support of the sector’s broad preparedness and operational resilience efforts, FS-ISAC provided an environment for participants to act out their policies and procedures in real time in response to a large-scale attack on a global financial institution.
Steel Resolve is a significant step in the sector’s ability to observe and assess incident response capabilities at the firm level, the interaction between firms, and the public-private partnership activities.
Through this exercise we were able to identify several opportunities to improve information sharing and sector coordination across FS-ISAC committees. These recommendations will be incorporated into FS-ISAC’s playbook to enhance its ability to support the incident management process.
During October Cybersecurity Awareness Month, FS-ISAC and its partner Cyberbit hosted a tournament for cybersecurity teams around the world to respond to live-fire cyberattack simulations replicating attacks they may encounter in real life.
Teams were evaluated based on industry-standard incident response KPIs, including investigation, eradication, and remediation goals, as well as their response times. The exercise provided a virtual arena emulating an organizational network and a virtual security operations center (SOC) that simulated the live attacks and automatically scored the teams based on their achievements.