FINSEC-LOGO1200x396.png

Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures

 

Project Overview

FINSEC business drivers and motivations

The infrastructures of the financial sector are nowadays more critical, sophisticated and interconnected than ever before, which makes them increasingly vulnerable to security attacks. Despite increased awareness, most security measures remain fragmented and static and are thus inappropriate for confronting sophisticated and asymmetric attacks.

Overall the state of the art security systems and measures in financial organisations exhibit the following limitations: a lack of integration between physical and cyber security systems; poor handling of asymmetric security attacks, including advanced cyber threats; difficulty in compliance with emerging standards and regulations; lack of adequate stakeholders' collaboration; coupling of security systems and processes with business systems and processes.

FINSEC,

A security innovation project funded by the European Commission under the H2020 project

FINSEC, (Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures), is a flagship project which will develop, demonstrate and bring to market an integrated, intelligent, collaborative and predictive approach to the security of critical infrastructures in the financial sector. To this end, FINSEC will introduce, implement and validate a novel reference architecture for integrated physical and cyber security of critical infrastructures, which will enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organizations’ compliance to security standards and regulations. As a result, FINSEC will provide a blueprint for the next generation security systems for the critical infrastructures of the financial sector.

FINSEC vision and main concept

FINSEC considers the critical infrastuctures of the financial sector as large-scale cyber-physical systems, which must be protected based on a holistic approach that considers both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects across the financial services supply chain. 

FINSEC will introduce a novel, standards-based Reference Architecture (RA) for combined cyber and physical security of critical infrastructures in the financial services industry. This reference architecture will be integrated, as it will consider critical infrastructures as cyber-physical systems, while integrating technologies and measures for cyber and physical security. It will be driven by standards for cyber security and physical security in general (e.g. ISO 27000 and ISO 28000) and financial services standards (e.g. ISO/TC 68/SC 2). Mechanism for intelligent and adaptive monitoring and data collection will be difined taking in account the physical-cyber security context. It will be both collaborative and participatory as it will allow all participating stakeholders to collaborate in vulnerability assessment, risk analysis, threatidentification and more. 

FINSEC approach

Integrated Cyber and Physical Security

Integrated

FINSEC's unified approach is motivated by the need to reduce the fragmentation of the security systems and teams in financial organizations, while at the same time streamlining their activities and gaining extra efficiencies from possible correlations between cyber security and physical security incidents.

Predictive Security for Critical Infrastructures

Predictive

FINSEC's predictive approach will be based on the collection and analysis of security related data as a means of anticipating security incidents before they actually occur. This apporach will enable financial organisations to plan for mitigations activities earlier and in the proper context.

Collaboration.png

Security Data Sharing and Information Exchange

Collaborative

FINSEC's collaborative approach will be based on stakeholders' collaboration across the financial services supply chain in the identification, assessment and mitigation of risks, including their cascading effects. FINSEC will provide tools based on Blockchain technology to facilitate  information exchange. 

FINSEC pilots and applications

FINSEC platform will be tested in five pilots involving high-impact scenarios that will engage hundreds (500+) of security and finance experts, while providing a representative coverage of the financial services industry (i.e. banking, capital management, insurance, card & Peer To Peer payments), which is a sound basis for FINSEC’s broader impact.

Attacking the SWIFT Network and its connected cyber & physical Assets

Correlating physical and cyber attacks in buildings and ATM networks

Predictive protection of Peer-To-Peer payments infrastructures

Protecting the infrastructures of small financial institutes through Security-as-a-Service

Insurance and management of risks in Public Critical Infrastructures

 

Deliverables

Public deliverables from the project will be published here

D2.2
D2.2

Report on Applicable Standards and Regulations

D2.3
D2.3

Modelling and spcifications for Integrated, Collaborative and Predictive Security

D2.4
D2.4

FINSEC Reference Architecture I

D3.4
D3.4

Predictive Security Analytics Infrastructue I

D5.1
D5.1

Report on Integrated BigData Infrastructure I

D7.1
D7.1

Market Platform Architecture and Technical Specifications

Disclaimer

These deliverables may be subject to final acceptance by the European Commission. The results of these deliverables reflect only the author's view and the Commission is not responsible for any use that may be made of the information it contains.

These documents and its content are the property of the FINSEC Consortium. The content of all or parts of these documents can be used and distributed provided that the FINSEC project and the document are properly referenced.

Open Acces Publications

Security Challenges for the Critical Infrastructures of the Financial Sector

Ernesto Troiano | Maurizio Ferraris | John Soldatos

A Reference Architecture for Securing Infrastructures in the Finance Sector

Ernesto Troiano | John Soldatos | Ariana Polyviou | Alessandro Mamelli | Ilesh Dattani

FINSTIX: A Security Data Model for the Financial Sector

Giorgia Gazzarata | Enrico Cambiaso | Ivan Vaccari | Ariana Polyviou | Alessio Merlo | Luca Verderame

Artificial Intelligence Gateway for Cyber-Physical Security in Critical Infrastructure and Finance

Marian Ghenescu | Serban Carata | Roxana Mihaescu | Sabin Floares

Information Sharing and Stakeholders' Collaboration for Stronger Security in Financial Sector Supply Chains: A Blockchain Approach

Ioannis Karagiannis | Konstantinos Mavrogiannis | John Soldatos | Dimitris Drakoulis | Ernesto Troiano | Ariana Polyviou

Automated Assistance to the Security Assessment of API for Financial Services

Andrea Bisegna | Roberto Carbone | Mariano Ceccato | Salvatore Manfredi | Silvio Ranise | Giada Sciarretta | Alessandro Tomasi | Emanuele Viglianisi

Adaptive and Intelligent Data Collection and Analytics for Securing Critical Financial Infrastructure

H. Abie | S. Boudko | O. Soceanu | L. Greenberg | A. Shribman | B. Gallego-Nicasio | E. Cambiaso | I. Vaccari | M. Aiello

Detection of innovative low-rate denial of service attacks against critical infrastructures

Enrico Cambiaso | Ivan Vaccari | Maurizio Aiello

The Ethical Aspects of Critical Infrastructure Protection

Marina Da Bormida

SlowTT: A Slow Denial of Service Against IoT Networks

Ivan Vaccari, Maurizio Aiello, Enrico Cambiaso

MQTTset, a New Dataset for Machine Learning Techniques on MQTT

Ivan Vaccari, Giovanni Chiola, Maurizio Aiello, Maurizio Mongelli, Enrico Cambiaso

SlowITe, a Novel Denial of Service Attack Affecting MQTT

Ivan Vaccari, Maurizio Aiello, Enrico Cambiaso

Evolutionary Game for Confidentiality in IoT-enabled Smart Grids

Svetlana Boudko, Peder Aursand and Habtamu Abie

 

Consortium

The 23 partners of the FINSEC Consortium, representing 10 different countries: Cyprus, France, Germany, Greece, Israel, Italy, Norway, Romania, Spain and United Kingdom 

Alpha Bank S.A.
HPE_edited.jpg
SIA.png
JRC.png
NEXI.jpg
Wirecard.png
 
events.jpg

Events

CPS4CIP 2020

CPS4CIP 2020

Virtual workshop

September 14-18, 2020

CPS4CIP’20 is supported by the projects of the European Cluster for Securing Critical Infrastructures (ECSCI) and is dedicated to the cyber-physical security for protecting critical infrastructures that support finance, energy, health, air transport, communication, gas, and water. For more information visit: https://sites.google.com/fbk.eu/cps4cip20

ECSCI Workshop

ECSCI Workshop

Virtual workshop

June 24-25, 2020

The meeting will be held in virtually on Google Meet with the participation of representants of the ten clustered projects and several external experts, targeting topics such as Physical and Cyber Security Modelling, Predictive Analytics and Collaborative Risk Assessment.

FINSEC Stakeholders' Workshop

FINSEC Stakeholders' Workshop

Berlin, Germany

Fujitsu Technology Solutions GmbH, Wohlrabedamm 32, 13629

Postponed

Cyber and Physical Security in Financial Insitutions: The latest innovations - FINSEC stakeholders workshop will present developments achieved in FINSEC project, starting from monitoring tools, security data model extension (from STIX to FINSTIX), and the advantages of an integrated platform for cyber-physical security.

For more details on Agenda and registration, check: https://www.eventbrite.co.uk/e/cyber-and-physical-security-in-financial-insitutionsthe-latest-innovations-tickets-91769455913

FINSEC Technical Meeting

FINSEC Technical Meeting

Madrid, Spain

February 11-12, 2020

FINSEC technical meeting in Madrid, to prepare the second wave of implementations, clarifying end users requirements and integration issues.

FINSEC First Review Meeting

FINSEC First Review Meeting

Bruxelles, Belgium

December 19, 2019

FINSEC first review meeting in Brussels, with the European Commission Project Officer and external reviewers. Presentations and videos, with the whole consortium showing the results achieved so far by FINSEC project and the plans for the next 18 months.

FINSEC'19

FINSEC'19

Luxembourg, Luxembourg

September 27, 2019

1st International Workshop on Security for Financial Critical Infrastructures and Services, Co-located with the Twenty-fourth European Symposium on Research in Computer Security-ESORICS'19.

Visit https://sites.google.com/fbk.eu/finsec19 to know more about topics, submissions and deadlines of the FINSEC'19 Workshop!

FINSEC Plenary Meeting

FINSEC Plenary Meeting

Limassol, Cyprus

September 24-25, 2019

FINSEC fourth General Assembly Meeting in Limassol, Cyprus. All partners meet to assess the results,  discuss recent achievements regarding the first cycle of pilots and plan next months activities, preparing for the Project Technical review in December.

FINSEC Plenary Meeting

FINSEC Plenary Meeting

London, United Kingdom

July 1-2, 2019

Third plenary meeting, in London. One year into the project, all partners meet to assess the results, plan future activities and discuss recent achievements regarding the Data Model, the collaboration platform for information sharing, the standardisation and policy making activities and the preparation of the first cycle of pilots.

FINSEC Technical Meeting

FINSEC Technical Meeting

Oslo, Norway

March 19-20, 2019

Technical meeting in Oslo, where the partners discuss the adaptive data collection and predictive algorithms of FINSEC projects, and prepare the Big Data Infrastructure for the project.

London Workshop

London Workshop

London, United Kingdom

March 8, 2019

FINSEC project is presented during the "Open Banking and Cyber Security" workshop in London, organised by FINSEC partners CCA and Assentian.

FINSEC Technical Meeting

FINSEC Technical Meeting

Bucharest, Romania

February 28, 2019

Technical meeting in Bucharest, hosted by UTI GRUP, focused on the CCTV probes and ATM pilot implementation

FINSEC Plenary Meeting

FINSEC Plenary Meeting

Paris, France

January 31 - February 1, 2019

Second plenary meeting, in Paris. The partners discuss the reaching of the first milestones and plan future activities

FINSEC Plenary Meeting

FINSEC Plenary Meeting

Milan, Italy

October 24-25, 2018

First plenary meeting of the FINSEC project in Milan, hosted by SIA. Six months after the start of the projects all the partners meet to assess the progresses and define the strategies for the next months

Technology Workshop

Technology Workshop

Bucharest, Romania

October 3, 2018

FINSEC project is presented during the Technology Workshop, Capabilities for the Security of financial and banking services, hosted by UTI GRUP in Bucharest.

FINSEC Technical Meeting

FINSEC Technical Meeting

Paris, France

September 26, 2018

Hosted by ORT, in this meeting the assess the first reference architecture and plan the data collection architecture and predictive algortihms.

FINSEC Kick-off Meeting

FINSEC Kick-off Meeting

Brussels, Belgium

May 21-23, 2018

All partners meet in the EIT House in Brussels and officially launch the project, defining the scientific, technical and business roadmap

Start of the Project

Start of the Project

May 1, 2018

The objective of FINSEC is to apply artificial intelligence in dealing with security problems in the financial sector, developing an integrated and intelligent approach that will appeal to the European market.

Stay tuned!

Contacts

Each of the company in the Consortium can be reached individually - Take a look at the Consortium page!
To have information about the project, please contact one of the persons mentioned below​​

Follow us on the social media:

  • LinkedIn Icona sociale
  • Twitter

 LinkedIn

Twitter

 

European Cluster for Securing Critical Infrastructures - ECSCI

European Cluster for Securing Critical infrastructures - ECSCI is a cluster of H2020 projects for securing critical infrastructures. Its main objective is to bring about synergetic, emerging disruptive solutions to security issues via cross-projects collaboration and innovation. The cluster will research how to protect critical infrastructures and services, highlighting differences (approaches, sectors of interest, etc.) between the clustered projects and establishing tight and productive connections with closely related and complementary H2020 projects. 

ECSCI Common Activities in 2021

The ECSCI (European Cluster for Securing Critical Infrastructures) undertakes the following activities in 2021:

  1. Sustainability of the ECSCI cluster

  2. European common platform for cascading effects on the different critical infrastructures, task force

  3. A platform for combined safety & security for European critical infrastructures, task force

  4. "The 2nd ECSCI Workshop on Critical Infrastructure Protection (follow up of the First ECSCI Workshop)"

  5. Contribution to standards and regulations on the protection of critical infrastructures (this could incorporate guidelines on risk management, threat intelligence sharing and securing the supply chain amongst other activity areas common to the projects)

  6. The Second Open Access Book of the ECSCI cluster (Cyber-Physical Threat Intelligence for Critical Infrastructures Security: Securing Critical Infrastructures in Air Transport, Finance, Gas, Healthcare, and Industry), Editors: John Soldatos, Aleksandar Jovanovic, Isabel Praça

  7. The Second Scientific workshop:  CPS4CIP 2021 (Cyber-Physical Security for Critical Infrastructures Protection) (follow up of the CPS4CIP 2020)

  8. Special issues of Open Access Journals:

 
European Cluster for securing Critical I
infrastress_logo_300dpi_edited.png
FinsecLogo.png
AnastaciaLogo.png
DefenderLogo.png
ResistoLogo.png
StopItLogo.PNG
safecareLogo.png
SatieLogo.png
SecuregasLogo.png
SphinxLogo.png
smartresilience_logo_new.png
ENSURESEC_full-logo_white.png
FeatureCloudLogo.png
SOTER logo_HQ.png
PHOENIX-logo v2.png
7shield_logo.png
Impetus_Logo.PNG
EnergyShield_logo.jpg
LogoCybersane_RVB.jpg
SealedGrid_logo.PNG
precinct_logo_transparent.png
eu_hybnet_logo.png
flag_yellow_low.jpg

This project has received funding from the European Union’s
Horizon 2020 research and innovation programme under grant agreement No 786727 
The content reflects only the authors’ views, and the European Commission is not responsible for any use that may be made of the information it contains.