The SolarWinds impact: How the FSCCC reacted

The SolarWinds Orion compromise was made public on 13 December 2020. Following root cause analysis by cyber security firm FireEye, it was discovered that SolarWinds Orion updates had been manipulated and weaponised by attackers during a regularly scheduled software update. The impact of the hack was reportedly far-reaching and affected several key departments in the US government. As the latest example of a high-sophistication attack, affecting multiple organisations across multiple sectors around the world, the case highlights the vital need for firms to collaborate ever more closely on security to ensure the resilience of financial services.

The Financial Sector Cyber Collaboration Centre (FSCCC) reacted promptly, alerting its membership through regular communication, discussions, and reporting to ensure sector-wide awareness of the attack and recommended mitigation. The FSCCC also played a key role in keeping the financial regulators up to speed on the sector's understanding, actions and concerns.

FSCCC Activity Highlights:

  • FSCCC shared regular reporting about the SolarWinds Orion security breach, ensuring the sector was aware and sighted as events unfolded.
  • FSCCC initiated a Finance Emergency Call Cyber (FinECC) which involved over 100 participants across 35 member firms. This included the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), the Cyber Defence Alliance and the Financial Services Information Sharing and Analysis Center. Members collaborated by sharing their understanding of the incident and the practical approaches to respond.
  • A daily coordination call was set up to monitor the continued fallout from the breach.
  • FSCCC acted as a bridge between member firms and the financial regulators, ensuring effective sharing of the overall understanding, concern and approach taken by the sector to the incident.

Key Outcomes

  1. Information provided by participating firms meant that identified process gaps that could have left firms vulnerable were discussed and lessons learnt were put into practice.
  1. The financial authorities benefitted from access to a single point of contact to understand the sector's potential exposure and response, reducing the need for direct supervisory engagement with individual firms.
  1. Members valued FSCCC's role in ensuring common understanding of the situation, sharing of the latest credible reporting and access to specialist reporting on the incident.

The FSCCC continues to remain the UK financial sector's first port of call for reporting cyber threats and incidents, particularly those which have the potential for a systemic or sector-wide impact.

UK Finance, together with support from regulatory authorities, government and the NCSC, plays an important role in ensuring the strategic and operational goals for the FSCCC remains a priority. For more information about the FSCCC please see https://fsccc.org.uk/

 

 


Related Workshop

Cyber Essentials, 23 February
Cyber Essentials is a framework which introduces cyber security controls proven to be effective against internet-based cyber threats such as phishing, malware, ransomware, password guessing and network attacks. This workshop will help delegates to fully understand the value of the scheme's five core controls - firewalls, secure configuration, user access control, malware protection, and patch management - and delivers an overview of how to implement them.

Learn more here
 

Area of expertise:

Cyber Essentials workshop - in partnership with IASME

Cyber Essentials introduces cyber security controls effective against internet-based cyber threats such as phishing and malware. This workshop will detail the scheme's five core controls and an overview of how to implement them.

Learn more Read more