FINSEC is glad to have participated in the ESORICS FINSEC 2019 Workshop in Luxembourg 27.09.2019. This workshop saw the participation of many academicians and from industry from the fields of cyber and physical security and was a great opportunity to share ideas and learn about the DEFENDER Project. FINSEC’19 is a forum for researchers and practitioners working on the cyber-physical security in the critical financial infrastructures. Financial infrastructures run the core of the modern economies, and manage every day a vast amount of virtual and physical money and assets. Security incidents in the financial critical infrastructure lead directly to significant economic damages for individuals and companies as well, while decreasing trust in financial institutions and questioning their social value. On the other hand, financial infrastructures and services are more critical, sophisticated and interconnected than ever before, which makes them increasingly vulnerable to security attacks, as confirmed by the steady rise of cyber-security incidents, such as phishing or ransomware attacks, but also cyber-physical incidents, such as physical violation of devices or facilities.
In order to address these challenges, the FINSEC workshop has the objective of bringing together researchers and practitioners from the cyber-physical security and the financial domain, to rethink cyber-security in the light of latest technology developments (e.g., FinTech, Cloud Computing, Blockchain, BigData, AI, Internet-of-Things (IoT), Mobile-first services, Mobile payments). Specifically, value will be given to contributions capable to foster new, intelligent, collaborative and more dynamic approaches to detect, prevent and mitigate security incidents, such as (i) intelligent monitoring and data collection of security related information; (ii) predictive analytics over the collected data based on AI-based (i.e. deep learning mechanisms) that enable the identification of complex attack patterns; (iii) triggering of preventive and mitigation measures in advance of the occurrence of the attack; (iv) allowing all stakeholders to collaborate in vulnerability assessment, risk analysis, threat identification, threat mitigation, and compliance.
The workshop calls the attention of the critical financial infrastructures research communities in order to stimulate integrated (cyber-physical) security of critical financial infrastructure. The first International Workshop on Security for Critical Financial Infrastructures and Services (FINSEC 2019), held in Luxembourg was organized in conjunction with The Twenty-fourth European Symposium on Research in Computer Security (ESORICS 2019). The format included technical presentations followed by preliminary project results from two H2020 projects, FINSEC (https://www.finsec-project.eu/) and DEFENDER (http://defender-project.eu/). An interesting mix of techniques for the Identification, Mitigation, Security Information Sharing, and Threats Mapping in critical financial infrastructure and services have been discussed.
Dr. Habtamu Abie represented the FINSEC Consortium and presented the preliminary results of the project discussing the driving forces and motivations of FINSEC, such as the rise of security incidents in the financial sector, motivating the need for an integrated security. FINSEC main results such as the reference architecture for the integration of physical and cyber security and the collaborative risk assessment in the financial supply chain were thoroughly described, highlighting the data driven approach through the Reference Architecture and the FINSEC Data Model (read our article for more information: https://www.finsec-project.eu/post/finstix-the-finsec-stix-data-model).
We would like to thank the FINSEC’19 Program Committee, whose members made the workshop possible with their rigorous and timely review process. We would also like to thank University of Luxembourg for hosting the workshop, and the ESORICS’19 workshop chairs for the valuable help and support.
By Habtamu Abie (NRS), 1 October 2019