Dear Colleague,
Carnegie’s FinCyber project, focused on cybersecurity in the context of the financial system, expanded considerably in 2020. We are pleased to provide an overview of our upcoming projects and a summary of our major accomplishments last year in this special edition of our newsletter:
INTERNATIONAL STRATEGY TO PROTECT THE FINANCIAL SYSTEM FROM CYBER THREATS
Our major achievement last year was the release of our International Strategy to Better Protect the Global Financial System from Cyber Threats, developed in partnership with the World Economic Forum. The strategy’s recommendations were developed over 18 months in consultation with 200+ stakeholders and with strategic input from an advisory group comprised of senior representatives from governments, central banks, and industry. (Read the Wall Street Journal’s profile of the strategy here.) We will now focus on further advancing the implementation of the recommendations.
In November, we hosted two high-level events on the strategy featuring Andrew Bailey, Governor of the Bank of England, U.S. Congressman Jim Langevin, Amb. Boris Ruge, the Vice-Chairman of the Munich Security Conference, Vincent Loy, Assistant Managing Director of the Monetary Authority of Singapore, Amb. Tobias Feakin, Australian Ambassador for Cyber Affairs and Critical Technology, and leading industry voices including Jen Easterly, Global Head of the Fusion Resilience Center, Morgan Stanley, Jason Witty, Global CISO, JPMorgan Chase, Ramy Houssaini, Global Chief Cyber & Technology Risk Officer, BNP Paribas, and Valerie Abend, Managing Director, Accenture. (Recordings of the launch events are available here and here.)
HIGH-LEVEL EVENTS: DAVOS + MUNICH SECURITY CONFERENCE
In January 2020, Bill Burns, president of the Carnegie Endowment, presented the FinCyber strategy project at the World Economic Forum Annual Meeting in Davos-Klosters to a group of CEOs of financial institutions and central bank governors. In February, Tim Maurer hosted a cyber war game at the Munich Security Conference simulating an Iranian cyber attack against the financial sector together with CrowdStrike’s Dmitri Alperovitch and SAIS’s Thomas Rid—one participant, Thorsten Benner, proclaimed it “the most fun part of [the] official MSC2020 program – and scary in terms of this being realistic & being unprepared.” In 2021, Carnegie hopes to host similar convenings to facilitate further action to address these growing risks.
NEW WORKSTREAM ON FINANCIAL INCLUSION AND CYBERSECURITY
We launched a new workstream dedicated to cybersecurity and financial inclusion, with generous support from the Bill and Melinda Gates Foundation. On December 10, we hosted the FinCyber Conference on Financial Inclusion and Cybersecurity together with the IMF, the World Bank, and the World Economic Forum. With keynote remarks from Her Majesty Queen Máxima of the Netherlands in her role as the UN Secretary General’s Special Advocate for Financial Inclusion, Kristalina Georgieva, Managing Director of the IMF, and Magda Bianco, Senior Economist at the Bank of Italy and incoming chair of the G20’s Global Partnership on Financial Inclusion, the event brought together over 200 stakeholders from around the world. (The remarks can be found here, here, and here, respectively.) Carnegie is now building on the momentum coming out of the conference to host quarterly calls with this community to facilitate coordination and to plan for a second conference to take place in India in December 2021.
UPDATED CAPACITY-BUILDING TOOL BOX, INCLUDES NEW GUIDES IN 10 LANGUAGES
In December 2020, Carnegie released an updated version of our Cyber Resilience Capacity-building Tool Box, adding new guides on ransomware and workforce development and making it freely available in ten languages (English, Arabic, Dutch, French, Portuguese, Russian, Spanish, Mandarin, Japanese, and Hindi). Our official partners now include the World Bank and the Independent Community Bankers of America in addition to our original partners, the IMF, SWIFT and the SWIFT Institute, FS-ISAC, Standard Chartered, the Cyber Readiness Institute and the Global Cyber Alliance.
NEW RESEARCH ON EMERGING TECHNOLOGIES: DEEPFAKES AND QUANTUM
In February 2020, we hosted a roundtable focusing on emerging technologies with members of the G7 finance track Cyber Experts Group, representatives from the national security community, and industry experts. The group explored the medium-term impact of quantum computing and deepfakes. Insights from the workshop informed our research paper, released in July, assessing threats posed by deepfakes and other synthetic media. This year, we plan to focus on further exploring the implications of quantum computing.
U.S. CYBERSPACE SOLARIUM COMMISSION
In March 2020, the Congressionally mandated U.S. Cyberspace Solarium Commission issued its report including its recommendation, “the U.S. government […] should: Take a sector-by-sector approach to norms implementation: Prioritize norms against malicious cyber activity targeting elements of critical infrastructure that underpin shared global stability, such as the financial services sector, [emphasis added] building on the existing norm against attacking critical infrastructure.”
WORKFORCE WORKING GROUP
In April 2020, in recognition of the massive shortage of cybersecurity talent worldwide, we convened the FinCyber Working Group on Cybersecurity Workforce comprised of a dozen major financial institutions and a select group of experts. The working group convenes regularly to analyze existing workforce development models and identify best practices for addressing workforce shortages across the financial sector. The working group’s findings will be released early this year.
UPDATED TIMELINE (NOW WITH MAP!)
We revamped our timeline of cyber incidents in association with BAE Systems, which now chronicles 200+ cyber incidents targeting financial institutions since 2007. We added new features including an interactive map and filters that allow users to sort incidents by country, region, year, attribution, incident type, and actor type.
2020 PUBLICATIONS
International Strategy to Better Protect the Financial System Against Cyber Threats, by Tim Maurer and Arthur Nelson, November 2020, Carnegie Endowment for International Peace.
“Enduring Cyber Threats and Emerging Challenges to the Financial Sector,” by Adrian Nish, Saher Naumaan, and James Muir, November 2020, “Cybersecurity and the Financial System” Working Paper Series, Carnegie Endowment for International Peace.
“Making finance cybersecure to ensure an inclusive recovery,” by Tim Maurer, Arthur Nelson and Sean Doyle, November 2020, World Economic Forum.
“Deepfakes and Synthetic Media in the Financial System: Assessing Threat Scenarios,” by Jon Bateman, July 2020, “Cybersecurity and the Financial System” Working Paper Series, Carnegie Endowment for International Peace.
“Protecting the financial system against the coming cyber storms,” by Juan Zarate and Tim Maurer, May 2020, The Hill.
“Cyber Mapping the Financial System,” by Jan-Philipp Brauchle, Matthias Göbel, Jens Seiler, and Christoph von Busekist, April 2020, “Cybersecurity and the Financial System” Working Paper Series, Carnegie Endowment for International Peace.
“COVID-19’s Other Virus: Targeting the Financial System,” by Tim Maurer and Arthur Nelson, April 2020, Strategic Europe.
Sincerely,
Tim Maurer, Arthur Nelson, and the Cyber Policy Initiative Team at the Carnegie Endowment for International Peace