Communication Middleware for Monitoring Financial Critical Infrastructure
Business Foreground

 

CoMiFin offers a platform for information sharing to react in a timely manner to new threats and that fulfills  business  requirements  that  are  specific  for  financial  operators.  Information  sharing  creates  a common  knowledge  about  on‐going  and  historical  threats  that  may  be  shared  among  Financial Institutions(FI) and this can greatly benefit the FIs by speeding up information circulation and therefore shortening time to react to threats. Each FI will bring its own knowledge but it can greatly benefit of the much bigger community knowledge on risks, threats and possible counter‐measures.


The  platform  leverages  the  idea  of  information  sharing  by  adding  functionalities  that  are  specific  for financial  operators  and  that  addresses  the  new  threats  that  are  emerging  in  the  worldwide  arena,  requiring therefore a new generation of tools to enable financial institutions to effectively and efficiently react.


CoMiFin relies upon the idea of creating a new generation IT platform that connects financial institutions in  communities  of  financial  partners.  Each  community  operates  in  a  specific  and  logically  separated environment  (named  Semantic  Room)  whose  contained  information  is  strictly  protected  to  avoid unauthorized access of external people. Only community members can access information shared inside each  SR,  in  such  a  way  data  ownership  is  preserved  and  privacy  of  information  is  protected.  Each financial  institution  shall  decide  which  information  to  share  and  in  which  SR.  Nevertheless  the  more information  are  shared  in  each  SR,  the  wider  benefits  may  be  gained  by SR  community.  Certified anonymization1 of information may be provided. These financial communities of interest are expected to create a high level of trust among community members, boosting cooperation.

Business can greatly benefit from CoMiFin platform by:

  • Sharing  information  among  community  partners  in  real  time,  which  can  be  both  human‐readable  information  (documents,  reports,  ...)  and  low  level  events  (e.g.  network  traffic  logs,best suited for automated processing and to identify on‐going threats)

  • Shared information can be structured in such a way to be managed by automated systems (the only  way  to  guarantee  a  reaction  time  in‐line  with  the  strict  needs  related  to  an  IT  threat reaction), which can offer a real support to timely react to threats

  • “Certified anonymization” allows a financial institution to insert information in the Semantic Room without signing this piece of information. In such a way the reputation of the financial institution is preserved while the information is shared. Nevertheless the members of the SR are certified the information is true.
  • Exchanged information events can be related to different areas, such as:
    •  
      1. IT security
      2. Financial risks monitoring and management
      3. Money laundering
      4. Fraud detection
  • Having  the  guarantee  of  data  integrity  of  exchanged  information  (such  as  black  lists),  as  data cannot be inserted, deleted and updated by unauthorized users. Any trial to change data will be tracked and void by SR monitoring and control software

  • Protecting data privacy whenever required: most of exchanged data will be technical data that doesn’t raise privacy issues, others will be protected inside the SR according to existing laws

  • Each  SR  can  host  a  specific  algorithm  for  information  processing  (that  can  include  event correlation, pattern recognition, rule‐based evaluation of events) which is dynamically updated to cope with new threats.


CoMiFin is a flexible platform that can cope with requirements expressed by:

  • • Financial operators (such as banks, insurance companies, securities brokers etc.)
  • • Regulatory  and  supervisory  bodies  (such  as    the  Financial  Supervisory  Authority  of  Norway, Italian CONSOB) 
  • • National banks and the ECB
  • • National  security  agencies  (such  as  European  and  National  Polices,  national  Computer Emergency Response Teams) 
  • • Service/communication providers (such as SWIFT) 
  • • National reporting and analysis centre (such as Italian ABI, Swiss Melani)


Involved actors inside a Semantic Room may be different, each one gaining a specific benefit:

  • • Risk managers can share information about current risks
  • • Regulators and financial supervisors can have an overview of status of risks
  • • National security operators can share information on IT threats coming from other European or US security agencies
  • • IT managers can have an overview of IT threats and suggested counter‐measures
  • • IT operators  can have detailed information on a specific threat as well as suggestion on how to react
  • • Service/network provider can use the SR to tailor its services to the changing needs of financial customers.

 

Enrico Angori ( This e-mail address is being protected from spam bots, you need JavaScript enabled to view it )
Atle Dingsor ( This e-mail address is being protected from spam bots, you need JavaScript enabled to view it )

October 14th 2010