Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
FINSEC business drivers and motivations
The infrastructures of the financial sector are nowadays more critical, sophisticated and interconnected than ever before, which makes them increasingly vulnerable to security attacks. Despite increased awareness, most security measures remain fragmented and static and are thus inappropriate for confronting sophisticated and asymmetric attacks.
Overall the state of the art security systems and measures in financial organisations exhibit the following limitations: a lack of integration between physical and cyber security systems; poor handling of asymmetric security attacks, including advanced cyber threats; difficulty in compliance with emerging standards and regulations; lack of adequate stakeholders' collaboration; coupling of security systems and processes with business systems and processes.
A security innovation project funded by the European Commission under the H2020 project
FINSEC, (Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures), is a flagship project which will develop, demonstrate and bring to market an integrated, intelligent, collaborative and predictive approach to the security of critical infrastructures in the financial sector. To this end, FINSEC will introduce, implement and validate a novel reference architecture for integrated physical and cyber security of critical infrastructures, which will enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organizations’ compliance to security standards and regulations. As a result, FINSEC will provide a blueprint for the next generation security systems for the critical infrastructures of the financial sector.
FINSEC vision and main concept
FINSEC considers the critical infrastuctures of the financial sector as large-scale cyber-physical systems, which must be protected based on a holistic approach that considers both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects across the financial services supply chain.
FINSEC will introduce a novel, standards-based Reference Architecture (RA) for combined cyber and physical security of critical infrastructures in the financial services industry. This reference architecture will be integrated, as it will consider critical infrastructures as cyber-physical systems, while integrating technologies and measures for cyber and physical security. It will be driven by standards for cyber security and physical security in general (e.g. ISO 27000 and ISO 28000) and financial services standards (e.g. ISO/TC 68/SC 2). Mechanism for intelligent and adaptive monitoring and data collection will be difined taking in account the physical-cyber security context. It will be both collaborative and participatory as it will allow all participating stakeholders to collaborate in vulnerability assessment, risk analysis, threatidentification and more.
Integrated Cyber and Physical Security
FINSEC's unified approach is motivated by the need to reduce the fragmentation of the security systems and teams in financial organizations, while at the same time streamlining their activities and gaining extra efficiencies from possible correlations between cyber security and physical security incidents.
Predictive Security for Critical Infrastructures
FINSEC's predictive approach will be based on the collection and analysis of security related data as a means of anticipating security incidents before they actually occur. This apporach will enable financial organisations to plan for mitigations activities earlier and in the proper context.
Security Data Sharing and Information Exchange
FINSEC's collaborative approach will be based on stakeholders' collaboration across the financial services supply chain in the identification, assessment and mitigation of risks, including their cascading effects. FINSEC will provide tools based on Blockchain technology to facilitate information exchange.
FINSEC pilots and applications
FINSEC platform will be tested in five pilots involving high-impact scenarios that will engage hundreds (500+) of security and finance experts, while providing a representative coverage of the financial services industry (i.e. banking, capital management, insurance, card & Peer To Peer payments), which is a sound basis for FINSEC’s broader impact.
Attacking the SWIFT Network and its connected cyber & physical Assets
Correlating physical and cyber attacks in buildings and ATM networks
Predictive protection of Peer-To-Peer payments infrastructures
Protecting the infrastructures of small financial institutes through Security-as-a-Service
Insurance and management of risks in Public Critical Infrastructures
Public deliverables from the project will be published here
These deliverables may be subject to final acceptance by the European Commission. The results of these deliverables reflect only the author's view and the Commission is not responsible for any use that may be made of the information it contains.
These documents and its content are the property of the FINSEC Consortium. The content of all or parts of these documents can be used and distributed provided that the FINSEC project and the document are properly referenced.
Open Acces Publications
September 14-18, 2020
CPS4CIP’20 is supported by the projects of the European Cluster for Securing Critical Infrastructures (ECSCI) and is dedicated to the cyber-physical security for protecting critical infrastructures that support finance, energy, health, air transport, communication, gas, and water. For more information visit: https://sites.google.com/fbk.eu/cps4cip20
June 24-25, 2020
The meeting will be held in virtually on Google Meet with the participation of representants of the ten clustered projects and several external experts, targeting topics such as Physical and Cyber Security Modelling, Predictive Analytics and Collaborative Risk Assessment.
FINSEC Stakeholders' Workshop
Fujitsu Technology Solutions GmbH, Wohlrabedamm 32, 13629
Cyber and Physical Security in Financial Insitutions: The latest innovations - FINSEC stakeholders workshop will present developments achieved in FINSEC project, starting from monitoring tools, security data model extension (from STIX to FINSTIX), and the advantages of an integrated platform for cyber-physical security.
For more details on Agenda and registration, check: https://www.eventbrite.co.uk/e/cyber-and-physical-security-in-financial-insitutionsthe-latest-innovations-tickets-91769455913
FINSEC First Review Meeting
December 19, 2019
FINSEC first review meeting in Brussels, with the European Commission Project Officer and external reviewers. Presentations and videos, with the whole consortium showing the results achieved so far by FINSEC project and the plans for the next 18 months.
September 27, 2019
1st International Workshop on Security for Financial Critical Infrastructures and Services, Co-located with the Twenty-fourth European Symposium on Research in Computer Security-ESORICS'19.
FINSEC Plenary Meeting
September 24-25, 2019
FINSEC fourth General Assembly Meeting in Limassol, Cyprus. All partners meet to assess the results, discuss recent achievements regarding the first cycle of pilots and plan next months activities, preparing for the Project Technical review in December.
FINSEC Plenary Meeting
London, United Kingdom
July 1-2, 2019
Third plenary meeting, in London. One year into the project, all partners meet to assess the results, plan future activities and discuss recent achievements regarding the Data Model, the collaboration platform for information sharing, the standardisation and policy making activities and the preparation of the first cycle of pilots.
Each of the company in the Consortium can be reached individually - Take a look at the Consortium page!
To have information about the project, please contact one of the persons mentioned below
Scientific Manager firstname.lastname@example.org
Communication Manager email@example.com
Quality Manager firstname.lastname@example.org
Project Manager email@example.com
European Cluster for Securing Critical Infrastructures - ECSCI
European Cluster for Securing Critical infrastructures - ECSCI is a cluster of H2020 projects for securing critical infrastructures. Its main objective is to bring about synergetic, emerging disruptive solutions to security issues via cross-projects collaboration and innovation. The cluster will research how to protect critical infrastructures and services, highlighting differences (approaches, sectors of interest, etc.) between the clustered projects and establishing tight and productive connections with closely related and complementary H2020 projects.
ECSCI Common Activities in 2021
The ECSCI (European Cluster for Securing Critical Infrastructures) undertakes the following activities in 2021:
Sustainability of the ECSCI cluster
European common platform for cascading effects on the different critical infrastructures, task force
A platform for combined safety & security for European critical infrastructures, task force
"The 2nd ECSCI Workshop on Critical Infrastructure Protection (follow up of the First ECSCI Workshop)"
Contribution to standards and regulations on the protection of critical infrastructures (this could incorporate guidelines on risk management, threat intelligence sharing and securing the supply chain amongst other activity areas common to the projects)
The Second Open Access Book of the ECSCI cluster (Cyber-Physical Threat Intelligence for Critical Infrastructures Security: Securing Critical Infrastructures in Air Transport, Finance, Gas, Healthcare, and Industry), Editors: John Soldatos, Aleksandar Jovanovic, Isabel Praça
The Second Scientific workshop: CPS4CIP 2021 (Cyber-Physical Security for Critical Infrastructures Protection) (follow up of the CPS4CIP 2020)
Special issues of Open Access Journals: