Delta Wall V — Cybersecurity Exercise for the Japanese Financial Sector

Photo by Markus Spiske on Unsplash

Under the guidance of the Financial Services Agency (FSA), the financial regulator in Japan, fifth “Cross-Financial Industry Exercise”, called “Delta Wall V”, has kicked off today, with the aim of further improving the incident response capability of the entire financial industry. It will run until October 21, 2020, with ~110 financial institutions participating. The following is an English translation of the FSA briefing one-pager.

Cybersecurity in the Financial Sector

• Incidents such as fraudulent deposits/withdrawals and settlements through payment services of fund transfer companies have occurred at multiple financial institutions
• In addition, we have seen cyber attacks that take advantage of the pandemic environment and cyber attacks aimed at telework
• The threat of cyberattacks is a major risk that could affect the stability of the financial system, and further improvement of the financial industry’s ability to respond to incidents is essential

Overview of the Exercises to Date

• Previously, four exercises have been conducted, with a total of 900 people participating from 77 institutions in FY2016, 1,400 from 101 institutions in FY2017, 1,400 from 105 institutions in FY2018, 1,400 in total, and 2,000 from 121 institutions in fiscal 2019
• Many participating financial institutions continuously review the regulations, and are implementing and planning measures to strengthen information cooperation with internal and external organizations, thereby improving the response system through this exercise

Delta Wall V Scope

• In mid-October 2020, the Financial Services Agency holds its fifth cross-financial cybersecurity exercise with approximately 110 participants
• In the context of recent fraudulent deposits/withdrawals, etc., we will test the effectiveness of the customer response in the event of an incident, as well as cooperation between departments and externals organizations
• Based on the results of the exercises conducted last year, banks and other organizations conducted exercises to verify the effectiveness of incident response through internal escalation to management decision-making inside the organization with the aim of “further improving the ability to respond to incidents”
• In order to improve the ability to respond to incidents in a telework environment, participating financial institutions this time around will take part in exercises under the actual telework environment

Features of the Exercises

• Exercises aimed at confirming the response system and procedures related to sharing of information inside and outside the financial institutions in the event of an incident
• Participation will include management and many departments across the organization (system department, public relations, planning department, etc.)
• While considering the knowledge of private experts and analysis of examples of attacks, weaknesses that financial institutions are likely to exhibit are highlighted, and participants can gain “awareness”
• In an effort to improve the ability of participating financial institutions to respond while turning the PDCA cycle, the exercise focuses on post-assessment, such as showing specific improvement measures and good examples

Test Cases

Banks

• Not disclosed based on black box testing

Shinkin Banks, etc.

• Customer impact due to homepage abnormality
• Malware infection on internal devices and their spread

Securities Companies, Insurance, Money Transfer, etc.

• Leakage of customer information
• External malware intrusions and in-house infections

Crypto-Currency Exchanges

• Outflow of customer assets
• Intrusion into internal systems and unauthorized communication to the outside world

If you found value in this article, please “clap” (up to 50 times).

This article is part of our Tokyo FinTech Publication, please follow us to read more from our writers, like hundreds of readers do every day.

Should you live in Tokyo, or just pass through, please also join our Tokyo FinTech Meetup. In any case, our LinkedIn page, Facebook page and our Instagram account are there for you as well.