FSCCC: protecting the financial sector

Following recent events in Russia and Ukraine, the Financial Sector Cyber Collaboration Centre (FSCCC) invoked an incident management call to promote sharing across its membership and to ensure sector-wide awareness of potential threats resulting from the conflict, in order to maintain the resilience of financial services in the UK. FSCCC prides itself in being the UK financial sector's first point of call for intelligence sharing and acting proportionately to a potential systemic threat to our economy.

FSCCC had previously responded to the threat to the sector from the active exploitation of Apache Log4j, widely used opensource software that enables logging of Java applications.

Collective FSCCC activity highlights:

  • Deep analysis shared of the threat landscape and potential cyber threats.
  • Third party support provided during calls.
  • Sector and firm preparations and actions shared.
  • Daily coordination of calls amongst analysts, certain authorities and partners.
  • Information sharing with authorities providing a view of the sectors? awareness and preparedness.
  • The National Cyber Security Centre (NCSC) shared its guidance with FSCCC analysts and the wider FSCCC membership. NCSC Log4j guidance is here and Ukraine guidance is here.

Key outcomes:

  • The financial sector continues to gain maturity when partnering and protecting the sector from systemic threats.
  • FSCCC is now firmly recognised by financial services firms and the authorities as a highly valued partner in the protection of the sector and has a place in the authorities? response framework.
  • Authorities were informed of the sectors preparedness and of the FSCCC's triggers for further actions.
  • Monitoring and vigilance continues to be at the forefront of sector protection and response.
  • A maturing picture of critical services is being expanded upon for completeness.

Whether due to software vulnerabilities or geopolitical events, FSCCC provides an overview of discussions from incident calls (without attribution to participants) to the financial authorities. This allows them to understand the threat and actions taken by the sector more broadly. By providing a formal link between firms, authorities and the NCSC, the FSCCC is able to help the financial sector manage cyber risks and subsequently become more resilient through sharing and knowledge.

The FSCCC Fusion Cell continues to meet daily on potential cyber threats while being ably assisted by the Cyber Defence Alliance (CDA) and the Financial Services Information Sharing and Analysis Center (FS-ISAC). Both are key partners in the delivery of FSCCC services, as is the NCSC and the National Crime Agency.

If you would like more information on FSCCC or would like to become a member, please contact support@fsccc.org.uk

 

Area of expertise: