Collaborative Financial Infrastructure Protection Roberto Baldoni (cid:2) Gregory Chockler Editors Collaborative Financial Infrastructure Protection Tools, Abstractions, and Middleware Editors RobertoBaldoni GregoryChockler DipartimentodiIngegneriaInformatica, IBMResearch–Haifa AutomaticaeGestionaleAntonioRuberti HaifaUniversityCampus,MountCarmel UniversitàdegaliStudidiRoma Haifa “LaSapienza” Israel Roma Italy ISBN978-3-642-20419-7 e-ISBN978-3-642-20420-3 DOI10.1007/978-3-642-20420-3 SpringerHeidelbergDordrechtLondonNewYork LibraryofCongressControlNumber:2011946180 ACMComputingClassification(1998): C.2,J.1,K.6,H.4,D.4 ©Springer-VerlagBerlinHeidelberg2012 Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation,broadcasting, reproductiononmicrofilmorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9, 1965,initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violations areliabletoprosecutionundertheGermanCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,etc.inthispublicationdoesnot imply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevantprotective lawsandregulationsandthereforefreeforgeneraluse. Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Securityis,Iwouldsay, our toppriority, because foralltheexcitingthingsyou willbe abletodowithcomputers—organizing your lives,stayingintouchwithpeople,being creative—ifwedon’tsolvethesesecurity problems, thenpeoplewillholdback. BillGates To Dora,Edoardo, Camilla,andLuca To Hana,Naomi,Michael,andDaniel. Foreword Societies have grown such a dependence on informatics, that a large part of their assets relies on the availability and correct operation of interconnected computer services. Of the several critical information infrastructures (CIIs) supporting the above-mentioned societal services, the financial infrastructure is an extremely im- portant example. At the date of publishing of this book, the world is experiencing intenseturmoilcausedbyinstabilityinthefinancialsectors.Furthermore,theirinter- dependenceissuchthatcountries’crisescontaminateeachother,andlocalproblems quicklybecomeglobal. Twothingsbecomeobvious:(i)thefinancialinfrastructure(FI)isacrucialasset whose balance is easily disturbed by “natural” causes; (ii) this organisational vul- nerabilityisamplifiedbyFIstakeholderstraditionallyoperatinginisolation,aswell as by technical vulnerabilities in the supporting computer systems and networks. Giventhisscenario,theFIisanaturaltargetforcyberattack,withamplemarginfor damage.Thisisconfirmedbyrecentpublicstatisticsofactualintrusionsand,still, giventhetraditionallydiscreetpostureofthesector,wemaybejustlookingatthe tipoftheiceberg. TheComMiFinEUprojecthadthegreatmeritoftacklingthisproblemwiththe adequatevalences,throughabalancedmixofstateandfinancialsectorstakeholders ononeside,andtechnologysuppliersandresearchersontheother. Based on the argument that FI components are more vulnerable if they operate alone,theprojecttookwhatseemstobetherightapproach,and,followingthemotto unitymakesstrength,itstudiestheproblemofCollaborativeFinancialInfrastructure Protection,fromitsrootstoconcretesolutions,andpresentsitintwoparts.Groups ofauthorsfromtheprojectdealwithseveralrelevantsubjects,inaflowmadeeasy bythecontributionofeditorsRobertoBaldoniandGregoryChockler. Inthefirstpart,theseveralgroupsofauthorsfromtheprojectstartbycharacter- ising the sector and the risks and vulnerabilitiesit is subject to, and then detailing a selection of real attack scenarios and common protection strategies. One of the pillarsoftheproposedsolutioniscollaboration,asensitiveissueforfinancialsec- toroperators.Inconsequence,thebookintroducesamodelofinteractingbanksand guidesthereaderthroughtherisksandbenefitsofaninformationsharingprocess, ix