World Forum of Central Securities Depositories (WFC) Cyber Security Panel 16 November 2017
Cyber Security Panel: Participants
  Frank Fischer, Chief Security Officer, Deutsche Boerse Group
  Joydeep DUTTA, Executive Director and Group CTO, CDSL India
  Henry Chang, Senior Manager, Fintech Facilitation Office, HKMA
  Javier PÉREZ-TASSO, Chief Executive, Americas and UK Region, SWIFT
  Roi SHAPOSHNIK, Founder and CEO, GoldnLinks
  Dominic WHITE, Chief Technology Officer, Sensepost

  Joydeep: overview of India-specific cyber risks on CSDs
  Javier: regulatory focus and expectations on cyber resilience
  Henry: Cyber Sec Fortification Initiatives 2016; Senior Manager, author of the Initiative and the Tool; outline of the cyber landscape and program
  Dominic: live hack
Introduction & Backgrounder
In line with the Guidance on Cyber Resilience for Financial Market Infrastructures issued by CPMI IOSCO in June 2016. This comprehensive document is viewed as a key support for PFMIs (issued in 2014) and provides meaningful guidance on issues such as:
  Situational awareness to understand and pre-empt cyber-events;
  Collaboration to drive resilience in support of broader financial stability objectives;
  Cyber-governance to implement and review the approach to managing protection against cyber-risks, to ensure effective security controls that protect the confidentiality, integrity and availability of assets and services;
  Testing of the elements of the cyber-resilience frameworks to ensure their overall effectiveness.
This panel will present ideas and experiences on how this major threat is currently being combated and how this battle will be fought in the future. We will conclude the session with a live hacking demonstration.
The audience will be asked to answer a series of questions during the session. Please use the devices on your table.
Key topics of discussion
Joydeep DUTTA (CDSL India)
  Cyber security is the responsibility of the board; there has to be a decent board perspective
  Cyber defense ownership is with every employee, regulatory influence (consulted by big four)
Henry CHANG (HKMA)
  Cyber Sec Fortification Initiatives 2016. Author of Initiative and the Tool – outline of cyber landscape and program
  Collaboration among organizations (banks, depositories, FMIs) – HK Cyber intelligence sharing platform for the banking industry situational awareness, align IOSCO
  No guarantees – tools not enough (rules are more important than tools) – no 100% guarantee
Javier PÉREZ-TASSO (SWIFT)
  Mindset / culture change in organizations to cover cybersecurity properly, tone from the top, “when you will be attacked” resilience in IS program
  Minimum mandated requirements, reg. suggestions are sounded with industries (engagement model with regulator)
  Board / regulatory reporting requirements (rules), leverages of the CPMI-IOSCO cyber resilience framework
Roi SHAPOSHNIK (GoldnLinks)
  The Black Swan
  The Perception
  Cyber insurance and the influence of the business
Dominic WHITE (Sensepost)
  How attackers think, use to prioritize a security program
Voting questions for the Audience
1. How do you organize Cyber Security?
   Board level responsibility
   Cyber / CISO report to Board
   Other (e.g. IT topic)
2. Do you have a board approved cyber resilience strategy?
   Yes
   No, but within six months
   No