Project Overview
FINSEC business drivers and motivations
The infrastructures of the financial sector are nowadays more critical, sophisticated and interconnected than ever before, which makes them increasingly vulnerable to security attacks. Despite increased awareness, most security measures remain fragmented and static and are thus inappropriate for confronting sophisticated and asymmetric attacks.
Overall the state of the art security systems and measures in financial organisations exhibit the following limitations: a lack of integration between physical and cyber security systems; poor handling of asymmetric security attacks, including advanced cyber threats; difficulty in compliance with emerging standards and regulations; lack of adequate stakeholders' collaboration; coupling of security systems and processes with business systems and processes.
FINSEC,
A security innovation project funded by the European Commission under the H2020 project
FINSEC, (Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures), is a flagship project which will develop, demonstrate and bring to market an integrated, intelligent, collaborative and predictive approach to the security of critical infrastructures in the financial sector. To this end, FINSEC will introduce, implement and validate a novel reference architecture for integrated physical and cyber security of critical infrastructures, which will enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organizations’ compliance to security standards and regulations. As a result, FINSEC will provide a blueprint for the next generation security systems for the critical infrastructures of the financial sector.
FINSEC vision and main concept
FINSEC considers the critical infrastuctures of the financial sector as large-scale cyber-physical systems, which must be protected based on a holistic approach that considers both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects across the financial services supply chain.
FINSEC will introduce a novel, standards-based Reference Architecture (RA) for combined cyber and physical security of critical infrastructures in the financial services industry. This reference architecture will be integrated, as it will consider critical infrastructures as cyber-physical systems, while integrating technologies and measures for cyber and physical security. It will be driven by standards for cyber security and physical security in general (e.g. ISO 27000 and ISO 28000) and financial services standards (e.g. ISO/TC 68/SC 2). Mechanism for intelligent and adaptive monitoring and data collection will be difined taking in account the physical-cyber security context. It will be both collaborative and participatory as it will allow all participating stakeholders to collaborate in vulnerability assessment, risk analysis, threatidentification and more.
FINSEC approach
Integrated Cyber and Physical Security
Integrated
FINSEC's unified approach is motivated by the need to reduce the fragmentation of the security systems and teams in financial organizations, while at the same time streamlining their activities and gaining extra efficiencies from possible correlations between cyber security and physical security incidents.
Predictive Security for Critical Infrastructures
Predictive
FINSEC's predictive approach will be based on the collection and analysis of security related data as a means of anticipating security incidents before they actually occur. This apporach will enable financial organisations to plan for mitigations activities earlier and in the proper context.
Security Data Sharing and Information Exchange
Collaborative
FINSEC's collaborative approach will be based on stakeholders' collaboration across the financial services supply chain in the identification, assessment and mitigation of risks, including their cascading effects. FINSEC will provide tools based on Blockchain technology to facilitate information exchange.
FINSEC pilots and applications
FINSEC platform will be tested in five pilots involving high-impact scenarios that will engage hundreds (500+) of security and finance experts, while providing a representative coverage of the financial services industry (i.e. banking, capital management, insurance, card & Peer To Peer payments), which is a sound basis for FINSEC’s broader impact.
Attacking the SWIFT Network and its connected cyber & physical Assets
Correlating physical and cyber attacks in buildings and ATM networks
Predictive protection of Peer-To-Peer payments infrastructures
Protecting the infrastructures of small financial institutes through Security-as-a-Service
Insurance and management of risks in Public Critical Infrastructures
Deliverables
Public deliverables from the project will be published here
Report on Applicable Standards and Regulations
Modelling and spcifications for Integrated, Collaborative and Predictive Security
FINSEC Reference Architecture I
Predictive Security Analytics Infrastructue I
Report on Integrated BigData Infrastructure I
Market Platform Architecture and Technical Specifications
Disclaimer
These deliverables may be subject to final acceptance by the European Commission. The results of these deliverables reflect only the author's view and the Commission is not responsible for any use that may be made of the information it contains.
These documents and its content are the property of the FINSEC Consortium. The content of all or parts of these documents can be used and distributed provided that the FINSEC project and the document are properly referenced.
Open Acces Publications
Security Challenges for the Critical Infrastructures of the Financial Sector
Ernesto Troiano | Maurizio Ferraris | John Soldatos
A Reference Architecture for Securing Infrastructures in the Finance Sector
Ernesto Troiano | John Soldatos | Ariana Polyviou | Alessandro Mamelli | Ilesh Dattani
FINSTIX: A Security Data Model for the Financial Sector
Giorgia Gazzarata | Enrico Cambiaso | Ivan Vaccari | Ariana Polyviou | Alessio Merlo | Luca Verderame
Artificial Intelligence Gateway for Cyber-Physical Security in Critical Infrastructure and Finance
Marian Ghenescu | Serban Carata | Roxana Mihaescu | Sabin Floares
Information Sharing and Stakeholders' Collaboration for Stronger Security in Financial Sector Supply Chains: A Blockchain Approach
Ioannis Karagiannis | Konstantinos Mavrogiannis | John Soldatos | Dimitris Drakoulis | Ernesto Troiano | Ariana Polyviou
Automated Assistance to the Security Assessment of API for Financial Services
Andrea Bisegna | Roberto Carbone | Mariano Ceccato | Salvatore Manfredi | Silvio Ranise | Giada Sciarretta | Alessandro Tomasi | Emanuele Viglianisi
Adaptive and Intelligent Data Collection and Analytics for Securing Critical Financial Infrastructure
H. Abie | S. Boudko | O. Soceanu | L. Greenberg | A. Shribman | B. Gallego-Nicasio | E. Cambiaso | I. Vaccari | M. Aiello
Detection of innovative low-rate denial of service attacks against critical infrastructures
Enrico Cambiaso | Ivan Vaccari | Maurizio Aiello
The Ethical Aspects of Critical Infrastructure Protection
Marina Da Bormida
SlowTT: A Slow Denial of Service Against IoT Networks
Ivan Vaccari, Maurizio Aiello, Enrico Cambiaso
MQTTset, a New Dataset for Machine Learning Techniques on MQTT
Ivan Vaccari, Giovanni Chiola, Maurizio Aiello, Maurizio Mongelli, Enrico Cambiaso
SlowITe, a Novel Denial of Service Attack Affecting MQTT
Ivan Vaccari, Maurizio Aiello, Enrico Cambiaso
Evolutionary Game for Confidentiality in IoT-enabled Smart Grids
Svetlana Boudko, Peder Aursand and Habtamu Abie
Consortium
The 23 partners of the FINSEC Consortium, representing 10 different countries: Cyprus, France, Germany, Greece, Israel, Italy, Norway, Romania, Spain and United Kingdom
Events
Second ECSCI Workshop
Virtual Workshop
April 27-29, 2022
The meeting will be held in virtually on Google Meet with the participation of representants of the clustered projects and several external experts, targeting topics such as Risk assessment for critical infrastructures, Integrated cyber-physical security and Combining safety and security.
Second ECSCI Workshop web page for information and registration
CPS4CIP 2020
Virtual workshop
September 14-18, 2020
CPS4CIP’20 is supported by the projects of the European Cluster for Securing Critical Infrastructures (ECSCI) and is dedicated to the cyber-physical security for protecting critical infrastructures that support finance, energy, health, air transport, communication, gas, and water. For more information visit: https://sites.google.com/fbk.eu/cps4cip20
FINSEC Stakeholders' Workshop
Berlin, Germany
Fujitsu Technology Solutions GmbH, Wohlrabedamm 32, 13629
Postponed
Cyber and Physical Security in Financial Insitutions: The latest innovations - FINSEC stakeholders workshop will present developments achieved in FINSEC project, starting from monitoring tools, security data model extension (from STIX to FINSTIX), and the advantages of an integrated platform for cyber-physical security.
For more details on Agenda and registration, check: https://www.eventbrite.co.uk/e/cyber-and-physical-security-in-financial-insitutionsthe-latest-innovations-tickets-91769455913
ECSCI Workshop
Virtual workshop
June 24-25, 2020
The meeting will be held in virtually on Google Meet with the participation of representants of the ten clustered projects and several external experts, targeting topics such as Physical and Cyber Security Modelling, Predictive Analytics and Collaborative Risk Assessment.
FINSEC Technical Meeting
Madrid, Spain
February 11-12, 2020
FINSEC technical meeting in Madrid, to prepare the second wave of implementations, clarifying end users requirements and integration issues.
FINSEC First Review Meeting
Bruxelles, Belgium
December 19, 2019
FINSEC first review meeting in Brussels, with the European Commission Project Officer and external reviewers. Presentations and videos, with the whole consortium showing the results achieved so far by FINSEC project and the plans for the next 18 months.
FINSEC Plenary Meeting
Limassol, Cyprus
September 24-25, 2019
FINSEC fourth General Assembly Meeting in Limassol, Cyprus. All partners meet to assess the results, discuss recent achievements regarding the first cycle of pilots and plan next months activities, preparing for the Project Technical review in December.
FINSEC Plenary Meeting
London, United Kingdom
July 1-2, 2019
Third plenary meeting, in London. One year into the project, all partners meet to assess the results, plan future activities and discuss recent achievements regarding the Data Model, the collaboration platform for information sharing, the standardisation and policy making activities and the preparation of the first cycle of pilots.
FINSEC'19
Luxembourg, Luxembourg
September 27, 2019
1st International Workshop on Security for Financial Critical Infrastructures and Services, Co-located with the Twenty-fourth European Symposium on Research in Computer Security-ESORICS'19.
Visit https://sites.google.com/fbk.eu/finsec19 to know more about topics, submissions and deadlines of the FINSEC'19 Workshop!
FINSEC Technical Meeting
Oslo, Norway
March 19-20, 2019
Technical meeting in Oslo, where the partners discuss the adaptive data collection and predictive algorithms of FINSEC projects, and prepare the Big Data Infrastructure for the project.
London Workshop
London, United Kingdom
March 8, 2019
FINSEC project is presented during the "Open Banking and Cyber Security" workshop in London, organised by FINSEC partners CCA and Assentian.
FINSEC Technical Meeting
Bucharest, Romania
February 28, 2019
Technical meeting in Bucharest, hosted by UTI GRUP, focused on the CCTV probes and ATM pilot implementation
FINSEC Plenary Meeting
Paris, France
January 31 - February 1, 2019
Second plenary meeting, in Paris. The partners discuss the reaching of the first milestones and plan future activities
FINSEC Plenary Meeting
Milan, Italy
October 24-25, 2018
First plenary meeting of the FINSEC project in Milan, hosted by SIA. Six months after the start of the projects all the partners meet to assess the progresses and define the strategies for the next months
FINSEC Technical Meeting
Paris, France
September 26, 2018
Hosted by ORT, in this meeting the assess the first reference architecture and plan the data collection architecture and predictive algortihms.
Technology Workshop
Bucharest, Romania
October 3, 2018
FINSEC project is presented during the Technology Workshop, Capabilities for the Security of financial and banking services, hosted by UTI GRUP in Bucharest.
FINSEC Kick-off Meeting
Brussels, Belgium
May 21-23, 2018
All partners meet in the EIT House in Brussels and officially launch the project, defining the scientific, technical and business roadmap
Start of the Project
May 1, 2018
The objective of FINSEC is to apply artificial intelligence in dealing with security problems in the financial sector, developing an integrated and intelligent approach that will appeal to the European market.
Stay tuned!
Contacts
Each of the company in the Consortium can be reached individually - Take a look at the Consortium page!
To have information about the project, please contact one of the persons mentioned below
Scientific Manager alessandro.armando@iieit.unige.it
Communication Manager alessandro.zanasi@zanasi-alessandro.eu
Quality Manager ddrakoulis@innov-acts.com
Project Manager ernesto.troiano@gft.com
Follow us on the social media:
European Cluster for Securing Critical Infrastructures - ECSCI
European Cluster for Securing Critical infrastructures - ECSCI is a cluster of H2020 projects for securing critical infrastructures. Its main objective is to bring about synergetic, emerging disruptive solutions to security issues via cross-projects collaboration and innovation. The cluster will research how to protect critical infrastructures and services, highlighting differences (approaches, sectors of interest, etc.) between the clustered projects and establishing tight and productive connections with closely related and complementary H2020 projects.
ECSCI Common Activities in 2021
The ECSCI (European Cluster for Securing Critical Infrastructures) undertakes the following activities in 2021:
-
Sustainability of the ECSCI cluster
-
European common platform for cascading effects on the different critical infrastructures, task force
-
A platform for combined safety & security for European critical infrastructures, task force
-
"The 2nd ECSCI Workshop on Critical Infrastructure Protection (follow up of the First ECSCI Workshop)"
-
Contribution to standards and regulations on the protection of critical infrastructures (this could incorporate guidelines on risk management, threat intelligence sharing and securing the supply chain amongst other activity areas common to the projects)
-
The Second Open Access Book of the ECSCI cluster (Cyber-Physical Threat Intelligence for Critical Infrastructures Security: Securing Critical Infrastructures in Air Transport, Finance, Gas, Healthcare, and Industry), Editors: John Soldatos, Aleksandar Jovanovic, Isabel Praça
-
The Second Scientific workshop: CPS4CIP 2021 (Cyber-Physical Security for Critical Infrastructures Protection) (follow up of the CPS4CIP 2020)
-
Special issues of Open Access Journals:
