MAS plays key role in world's 1st threat information sharing group for central banks and regulators
Recently, the Financial Services Information Sharing and Analysis Center (FS-ISAC) announced the launch of the CERES (CEntral banks, REgulators and Supervisory entities) Forum. The inaugural global community will bring together financial regulators, central banks and supervisors to combat cyber and physical crime, enhancing financial sector resiliency.
Established in 1999, the FS-ISAC is a non-profit, member-driven organisation which aims to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy. Funded by its 7,000 member firms headquartered in 44 countries with users in 72 countries, FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs and fosters collaborations with and among other key sectors and government agencies.
As such, FS-ISAC launched the CERES Forum which is a new information sharing group for central banks, regulators and supervisors to share information impacting global security and resiliency. It is the first such global platform bringing together these entities to guard against ever-growing cyber and physical threats and to meet their unique needs.
“Cyberthreats have become increasingly frequent, complex and sophisticated,” said Bill Nelson, President and CEO of FS-ISAC.
“The sharing of information and best practices among authorities in a timely way to address the rapidly evolving threats is critical. Today, there is no dedicated forum or system for regulators, central banks and supervisors to share information on cyber and physical threats. The CERES Forum will bridge that gap with a platform that facilitates secure sharing of information about threats, vulnerabilities and incidences to stay ahead of crime,” he added.
This CERES Forum will:
(1) Provide a trusted means for central banks, regulators and supervisors to share best practices related to regulatory and compliance controls;
(2) Gather useful feedback about most effective controls; and
(3) Distribute rapidly information on cyberthreats, vulnerabilities, incidents and other threat intelligence that could impact financial services, including attacks that target central banks, regulators and supervisors themselves.
According to the press release, the impact of cyberattacks including the 2017 WannaCry, data breaches and account takeover attacks leveraging global payments systems against central banks and regulators demonstrate that security is a global concern. The CERES Forum will help these entities be more effective in defending against attacks that could impact the global financial services sector and the world’s economies.
Separate from the FS-ISAC community of banks, credit unions, insurance companies, investment companies and other financial institutions, the CERES Forum provides a trusted means for central banks, regulators and supervisors to share best practices. A new standalone secure portal and processes will also help to ensure FS-ISAC member confidentiality.
While employees working in operations from over three dozen central banks, regulators and supervisory entities are already members of FS-ISAC, this is the first time a community is being created to focus on the needs of supervisory and regulatory employees.
FS-ISAC noted the effort and contribution of Monetary Authority of Singapore (MAS) in conceptualising the CERES Forum, saying that the Singapore agency has “played a key role” in the formation of the Forum.
“There is a pressing need to enhance situational awareness of cyber threats. The CERES Forum will help us do this.” said Mr Tan Yeow Seng, Chief Cyber Security Officer and Executive Director (Technology Risk and Payments), MAS.
“This initiative is timely following the recent decision by ASEAN Finance Ministers and Central Bank Governors to facilitate information sharing on cyber threats and incidents in the region. The CERES Forum complements on-going efforts by MAS and financial institutions in Singapore to strengthen cyber resilience in our financial sector. We look forward to working with fellow central banks and financial regulators on this project,” Mr Tan added.
Previously, the MAS also collaborated with FS-ISAC to establish an Asia Pacific Regional Intelligence and Analysis Centre to encourage sharing and analysis of cybersecurity information between financial institutions in the region.
The establishment of the Centre will strengthen the APAC cybersecurity ecosystem by providing deeper capabilities in cyber intelligence gathering and analysis for enhanced in-region intelligence support. The Centre will employ local analysts who will monitor cyber threats to member financial institutions in the region and provide analysis as well as recommend courses of action to mitigate those threats.