4 minute read
A concerted effort
from #229 - April 2020
The Dubai Financial Services Authority (DFSA) has recently launched a Cyber Threat Intelligence Platform to help firms in the Dubai International Financial Centre (DIFC) implement appropriate safeguards to mitigate against cyber risks. We sit down with Bryan Stirewalt, CEO of DFSA and Nicolai Solling, Chief Technology Officer at Help AG, for more information on this new platform
Can you tell us more about the cyberthreat intelligence platform? What role does DIFC play in the day to day operations of this platform and how does Help AG contribute to that?
Advertisement
There is a number of risks that the financial services industry and regulators face right now which are not traditional risks. Cyberthreat is one of them and so is climate change—these new risks being the third non-traditional also mean that the approach regulators take to address them should also be non-traditional.
Currently, what we are seeing in both cyberthreat and climate change is that the best way to tackle these issues is through a private-public partnership (PPP). A single rule or regulation change in our laws does not address the problem. There is no real silver bullet to these issues, there are a lot of bullets that you can throw at the problem but not one of them works by itself.
The PPP between the DFSA, Help AG and the industry is an attempt to create a holistic approach in dealing with cyberthreats.
The PPP we have with HELP AG and the financial services industry itself is the best solution in dealing with cyberthreats in a holistic fashion. There is a number of elements to this solution if you approach it from a high perspective, think of it as an exchange platform.
The solution operates in the same way you exchange stocks and bonds in an environment, we exchange threat intelligence for example if a member company knows about a potential threat in their environment we would be able to exchange that data with other participants on that specific system.
The DFSA has been negotiating with the industry so that the platform is able to deliver value to the participants immediately otherwise you will only be seeing what is happening for these 500 organisations but there is a number of vendors such as Kaspersky, Palo Alto Networks, Cofense and Recorded Future they are participants on the platform.
What kind of data do DIFC companies provide on this platform?
Financial institutions in the DIFC face the same cyberthreats as those that are faced around the world. The future of finance and other industries revolve around data. How you obtain data, how you store data, how you protect data, how you use data and how you delete data.
Cybercriminals know that some companies are rich in data especially those within the financial services industry
L-R: Nicolai Solling, Chief Technology Officer, Help AG, Brian Stirewalt, CEO, DFSA and Nabilah Annuar, Editor, Banker Middle East.
and that makes them more vulnerable just by the fact of they are financial insitutions. So, the threat evolves around how this data can be breached.
The companies already in the DIFC will be able to tell us about specific cyberattacks that they encountered. Some of these companies have the capabilities to detect these attacks but others do not. Thus, smaller companies without structured security practise will typically become more of the consumers of this platform. We therefore ensure that we have high fidelity data which allows them to identify certain kinds of attacks.
Is there any reason why you have decided to set up this platform on your own?
There are number of choices that we had to make to make this work. The DFSA decided earlier on that the PPP was the best way to approach this. We joined in with the fact that we know cyberthreat is one of our top five risks in the financial centre right now, and that risk is growing. Cyberthreats are continuously increasing, so this is one element we are using to mitigate those risks.
The DFSA’s Cyber Threat Intelligence Platform can be joined with other platforms to make this a global effort. Many of the firms among the 500 companies that are regulated in the centre have a global network and this doesn’t stop at the 500 firms now. We have opened this project to non-financial firms as well that brings the number up to around 2400 firms that can join the platform.
What type of technology is involved in this cyberthreat intelligence platform and what function do they serve?
Artificial Intelligence (AI) is utilised in multiple areas. The commercial feeds that we use in the platform—a lot of those are generated and a lot of the curation happening in those specific feeds will use AI and machine learning (ML) in it.
Additionally, from our perspective we stick together those specific feeds with the information that get here in DFSA and that is more a question of automation and making sure that the stitching works together in DFSA itself.
Hence if we see one event in one feed, we can attribute it to an event in another feed if there are overlaps between the environments. AI and ML is one of the areas where the service develops overtime and an area that makes curation of events more efficient.
How do you learn to filter credible cyberthreats on this platform?
We have a threat intelligence team and the DFSA has asked us to utilise our team in order to curate specific kind of events. Curating specific events is similar to how you ensure that the specific data is in the right format, try to identify if a specific threat is known by multiple sources that is how you can build credibility of an event. The process of curation takes place through automation and we try to make the process as seamless as possible.
