Risk Management: Helping the EU Railways Catch the Cybersecurity Train

European railway undertakings (RUs) and infrastructure managers (IMs) need to address cyber risks in a systematic way as part of their risk management processes. This need has become even more urgent since the Network and Information Security (NIS) Directive came into force in 2016.

Objectives of the Railway Cybersecurity report

The purpose of the report is to provide European RUs and IMs with applicable methods and practical examples on how to assess and mitigate cyber risks.

The good practices presented are based on feedback from railway stakeholders. They include tools, such as assets and services list, cyber threat scenarios and applicable cybersecurity measures, based on the standards and good practices used in the sector. These resources can be used as a basis for cyber risk management for railway companies. They are therefore intended to be a reference point and to promote collaboration between railway stakeholders across the EU while raising awareness on relevant threats.

The main takeaways

  • Existing risk management approaches vary for railway IT and OT systems

For the risk management of railway Information Technology (IT) systems, the most cited approaches were the requirements of NIS Directive at a national level, the ISO 2700x family of standards, and the NIST cybersecurity framework.

For Operational Technology (OT) systems, the frameworks cited were ISA/IEC 62443, CLC/TS 50701, and the recommendations of the Shift2Rail project X2Rail-3, or the ones from the CYRail Project.

Those standards or approaches are often used in a complementary way to adequately address both IT and OT systems. While IT systems are normally evaluated with broader and more generic methods (such as ISO 2700x or NIS Directive), OT systems need specific methods and frameworks that have been designed for industrial train systems.

There is no unified approach available to railway cyber risk management yet. Stakeholders who participated in this study indicated that they use a combination of the abovementioned international and European approaches to tackle risk management, which they then complement with national frameworks and methodologies.

  • Asset taxonomies

For RUs and IMs to manage cyber risks, identifying what needs protection is essential. In this report, a comprehensive list is broken down to 5 areas; the services that stakeholders provide, the devices (technological systems) that support these services, the physical equipment used to provide these services, the people that maintain or use them, and the data used.

  • Threats taxonomies and risk scenarios

RUs and IMs need to identify which cyber threats are applicable to their assets and services. The report reviews available threat taxonomies, and provides a list of threats that can be used as the basis.

Examples of cyber risk scenarios are also analysed, which can assist railway stakeholders when performing a risk analysis. They show how asset and threat taxonomies can be used together and are based on the known incidents of the sector and the feedback received during the workshops.

  • Applying cybersecurity measures

Each scenario is associated with a list of relevant security measures. The report includes cybersecurity measures derived from the NIS Directive, current standards (ISO/IEC 27002, IEC 62443) and good practises (NIST’s cybersecurity framework).

Joint global ransomware operation sees arrests and criminal network dismantled

A four-year operation across five continents has disrupted a ransomware cybercrime gang and seen the arrest of seven suspects believed to be behind global malware crime operations.

Codenamed ‘Quicksand’ (GoldDust) and carried out by 19 law enforcement agencies in 17 countries, the transcontinental operation saw officers collect and examine intelligence to establish a global threat picture about attacks by ransomware families - particularly GandCrab and Revil-Sodinokibi - and the suspects behind them.

The organized crime group that used these malwares is known for breaking into business and private networks using a range of infiltration techniques, and then deploying ransomware against their victims. The ransomware then encrypts files which are then used to blackmail companies and people into paying huge ransoms.

The suspects arrested during Operation Quicksand are suspected of perpetrating tens of thousands of ransomware infections and demanding more than EUR 200 million in ransom
Tangible results: multiple arrests worldwide

Intelligence exchanged during the operation enabled:

- Korean law enforcement to arrest three suspects in February, April and October;
- Kuwaiti authorities to arrest a man thought to have carried out ransomware attacks using the GandGrab ransomware;
- Romanian authorities to arrest two individuals suspected of ransomware cyber-attacks and believed to be responsible for 5,000 infections as well as half a million euros profit in ransom payments;
- The arrest of a man believed to be responsible for the Kaseya ransomware attack, thought to have been carried out last July by the REvil gang with more than 1,500 people and 1,000 businesses affected worldwide.

“Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action which INTERPOL can uniquely facilitate as a neutral and trusted global partner,” said INTERPOL Secretary General Jürgen Stock.

“Policing needs to harness the insights of the cyber security industry to identify and disrupt cyber criminals as part of a true coalition, working together to reduce the global impact of ransomware cybercrime,” added the Secretary General.

A powerful global coalition

A joint INTERPOL-Europol operation, Quicksand was coordinated from INTERPOL’s Cyber Fusion Centre in Singapore where stakeholders shared live intelligence in an interactive and secure environment via INTERPOL’s global network and capabilities.

Through INTERPOL’s Gateway project, INTERPOL’s private partners Trend Micro, CDI, Kaspersky Lab and Palo Alto Networks also contributed to investigations by sharing information and technical expertise.
Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent attacks.

Bitdefender supported operations by releasing tailor-made decryption tools to unlock ransomware and enable victims to recover files. These innovative tools enabled more than 1,400 companies to decrypt their networks, saving them almost EUR 475 million in potential losses.

IOCTA 2021 unveils the most recent cyber threat (r)evolutions

The accelerated digitalisation related to the COVID-19 pandemic has significantly influenced the development of a number of cyber threats, according to the new edition of Europol’s Internet Organised Crime Threat Assessment. Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals. While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts. The increase of online shopping in general has attracted more fraudsters. With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly. Grey infrastructure, including services offering end-to-end encryption, VPNs and cryptocurrencies continue to be abused for the facilitation and proliferation of a large range of criminal activities. This has resulted in significant challenges for the investigation of criminal activities and the protection of victims of crime.

In addition to expanding the efforts to tackle these threats from a law enforcement perspective, it is crucial to add another level of protection in terms of cybersecurity. The implementation of measures such as multi-factor authentication and vulnerability management are of utmost importance to decrease the possible exposure to cyber threats. Awareness raising and prevention are key components in reducing the effectiveness of cyberattacks and other cyber enabled criminal activities.

The key threats:

- Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
- Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.
- Online shopping has led to a steep increase in online fraud.
- Explicit self-generated material is an increasing concern and is also distributed for profit.
- Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.

The new edition of Europol’s Internet Organised Crime Threat Assessment, launched today, looks into the (r)evolutionary development of these trends, catalysed by the expanded digitalisation of recent years. The report was presented during the Europol-INTERPOL Cybercrime Conference. The conference gathered about 100 experts together to share their insights into the latest cybercrime trends and threats and to discuss how innovation is essential in countering cybercrime acceleration.

CISA Releases Directive on Reducing the Significant Risk of Known Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries. The Directive establishes a CISA-managed catalog of known exploited vulnerabilities and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.

CISA issued BOD 22-01 to drive federal agencies to mitigate actively exploited vulnerabilities on their networks, sending a clear message to all organizations across the country to focus patching on the subset of vulnerabilities that are causing harm now, and enable CISA to drive continuous prioritization of vulnerabilities based on our understanding of adversary activity. The Directive applies to all software and hardware found on federal information systems, including those managed on agency premises or hosted by third parties on an agency’s behalf. With this Directive, CISA is imposing the first government-wide requirements to remediate vulnerabilities affecting both internet-facing and non-internet facing assets.

“Every day, our adversaries are using known vulnerabilities to target federal agencies. As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors,” said CISA Director Jen Easterly. “The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks. While this Directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities. It is therefore critical that every organization adopt this Directive and prioritize mitigation of vulnerabilities listed in CISA’s public catalog.”

With over 18,000 vulnerabilities identified in 2020 alone, organizations in the public and private sector find it challenging to prioritize limited resources toward remediating the vulnerabilities that are most likely to result in a damaging intrusion. This Directive addresses this challenge by driving mitigations of those vulnerabilities that are being actively exploited to compromise federal agencies and American businesses, building upon existing methods widely used to prioritize vulnerabilities by many organizations today.

This Directive applies to federal civilian agencies however, CISA strongly recommends that private businesses and state, local, tribal and territorial (SLTT) governments prioritize mitigation of vulnerabilities listed in CISA’s public catalog and sign up to receive notifications when new vulnerabilities are added.

Joint global ransomware operation sees arrests and criminal network dismantled

A four-year operation across five continents has disrupted a ransomware cybercrime gang and seen the arrest of seven suspects believed to be behind global malware crime operations.

Codenamed ‘Quicksand’ (GoldDust) and carried out by 19 law enforcement agencies in 17 countries, the transcontinental operation saw officers collect and examine intelligence to establish a global threat picture about attacks by ransomware families - particularly GandCrab and Revil-Sodinokibi - and the suspects behind them.

The organized crime group that used these malwares is known for breaking into business and private networks using a range of infiltration techniques, and then deploying ransomware against their victims. The ransomware then encrypts files which are then used to blackmail companies and people into paying huge ransoms.

The suspects arrested during Operation Quicksand are suspected of perpetrating tens of thousands of ransomware infections and demanding more than EUR 200 million in ransom

Intelligence exchanged during the operation enabled

- Korean law enforcement to arrest three suspects in February, April and October;
- Kuwaiti authorities to arrest a man thought to have carried out ransomware attacks using the GandGrab ransomware;
- Romanian authorities to arrest two individuals suspected of ransomware cyber-attacks and believed to be responsible for 5,000 infections as well as half a million euros profit in ransom payments;
- The arrest of a man believed to be responsible for the Kaseya ransomware attack, thought to have been carried out last July by the REvil gang with more than 1,500 people and 1,000 businesses affected worldwide.

“Ransomware has become too large of a threat for any entity or sector to address alone; the magnitude of this challenge urgently demands united global action which INTERPOL can uniquely facilitate as a neutral and trusted global partner,” said INTERPOL Secretary General Jürgen Stock.

“Policing needs to harness the insights of the cyber security industry to identify and disrupt cyber criminals as part of a true coalition, working together to reduce the global impact of ransomware cybercrime,” added the Secretary General.

A joint INTERPOL-Europol operation, Quicksand was coordinated from INTERPOL’s Cyber Fusion Centre in Singapore where stakeholders shared live intelligence in an interactive and secure environment via INTERPOL’s global network and capabilities.

Through INTERPOL’s Gateway project, INTERPOL’s private partners Trend Micro, CDI, Kaspersky Lab and Palo Alto Networks also contributed to investigations by sharing information and technical expertise.
Gateway boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent attacks.

Bitdefender supported operations by releasing tailor-made decryption tools to unlock ransomware and enable victims to recover files. These innovative tools enabled more than 1,400 companies to decrypt their networks, saving them almost EUR 475 million in potential losses.

KPN, McAfee, S2W helped investigations by providing cyber and malware technical expertise to INTERPOL and its member countries.

Operation Quicksand continues to supply evidence that is feeding into further cybercrime investigations and enabling the international police community to disrupt numerous channels used by cybercriminals to launder cryptocurrency and commit ransomware crime.

With the combined global financial impact in ransom payments from ransomware families believed to be within the billions of dollars and thousands of victims worldwide, INTERPOL’s private partners and member countries work together to provide support to victims hit by the ransomware.

Research from Chainalysis found that criminals made USD 350 million in 2020 from ransomware payments, representing an increase of 311 per cent in one year. Over the same period, the average ransom payment increased by 171 per cent, according to Palo Alto Networks.

12 targeted for involvement in ransomware attacks against critical infrastructure

A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries.

These attacks are believed to have affected over 1 800 victims in 71 countries. These cyber actors are known for specifically targeting large corporations, effectively bringing their business to a standstill.

The actions took place in the early hours of 26 October in Ukraine and Switzerland. Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.

As the result of the action day, over USD 52 000 in cash was seized, alongside 5 luxury vehicles. A number of electronic devices are currently being forensically examined to secure evidence and identify new investigative leads.

The targeted suspects all had different roles in these professional, highly organised criminal organisations. Some of these criminals were dealing with the penetration effort, using multiple mechanisms to compromise IT networks, including brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments.

Once on the network, some of these cyber actors would focus on moving laterally, deploying malware such as Trickbot, or post-exploitation frameworks such as Cobalt Strike or PowerShell Empire, to stay undetected and gain further access.

The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying a ransomware. These cyber actors are known to have deployed LockerGoga, MegaCortex and Dharma ransomware, among others.

The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected. A ransom note was then presented to the victim, which demanded the victim pay the attackers in Bitcoin in exchange for decryption keys.

A number of the individuals interrogated are suspected of being in charge of laundering the ransom payments: they would funnel the Bitcoin ransom payments through mixing services, before cashing out the ill-gotten gains.
International cooperation

International cooperation coordinated by Europol and Eurojust was central in identifying these threat actors as the victims were located in different geographical locations around the world.

Initiated by the French authorities, a joint investigation team (JIT) was set up in September 2019 between Norway, France, the United Kingdom and Ukraine with financial support of Eurojust and assistance of both Agencies. The partners in the JIT have since been working closely together, in parallel with the independent investigations of the Dutch and U.S. authorities, to uncover the actual magnitude and complexity of the criminal activities of these cyber actors to establish a joint strategy.

Eurojust established a coordination centre to facilitate cross-border judicial cooperation during the action day. In preparation of this, seven coordination meetings were held.

Europol’s European Cybercrime Centre (EC3) hosted operational meetings, provided digital forensic, cryptocurrency and malware support and facilitated the information exchange in the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters in The Hague.

Risky business or a leap of faith? A risk based approach to optimise cybersecurity certification

The European Union Agency for Cybersecurity (ENISA) has launched a cybersecurity assessment methodology for cybersecurity certification of sectoral multistakeholder ICT systems.

The Methodology for a Sectoral Cybersecurity Assessment - (SCSA Methodology) was developed to enable the preparation of EU cybersecurity certification schemes for sectoral ICT infrastructures and ecosystems. SCSA aims at market acceptance of cybersecurity certification deployments and supports the requirements of market stakeholders and the EU Cybersecurity Act (CSA). In particular, SCSA endorses the identification of security and certification requirements based on risks associated with the “intended use” of the specific ICT products, services and processes.

The SCSA Methodology makes available to the ENISA stakeholders a comprehensive ICT security assessment instrument that includes all aspects pertinent to sectoral ICT systems and provides thorough content for the implementation of ICT security and cybersecurity certification.

While SCSA draws from widely accepted standards, in particular ISO/IEC 27000-series and ISO/IEC 15408-series, the proposed enhancements tackle multi-stakeholder systems and the specific security and assurance level requirements concerning ICT products, processes and cybersecurity certification schemes.

This is achieved by introducing the following features and capabilities:

- Business processes, roles of sectoral stakeholders and business objectives are documented at ecosystem level, overarching the ICT subsystems of the individual stakeholders. Stakeholders are invited to actively contribute to the identification and rating of ICT security risks that could affect their business objectives.
- A dedicated method associates the stakeholders’ ratings of risks with the security and assurance level requirements to dedicated ICT subsystems, components or processes of the sectoral ICT system.
- SCSA specifies a consistent approach to implement security and assurance levels across all parts of the sectoral ICT system and provides all information required by the sectoral cybersecurity certification schemes.

Benefits of the SCSA Methodology for stakeholders

The sectoral cybersecurity security assessment provides a comprehensive approach of the multi-faceted aspects presented by complex multi-stakeholder ICT systems and it features the following benefits:

- The security of a sectoral system requires synchronisation across all participating stakeholders. SCSA introduces comparability of security and assurance levels between different stakeholders’ systems and system components. SCSA enables building open multi-stakeholder ecosystems even among competitors to the benefit of suppliers and customers.
- The risk-based approach supports transparency and a sound balance between the cost for security and certification and the benefit of mitigating ICT-security-related business risks for each concerned stakeholder.
- Security measures can focus on the critical components, optimising the security architecture of the sectoral system, hence minimising cost of security.
- SCSA generates accurate and consistent information on security and certification level requirements for all relevant ICT subsystems, components or processes. On this basis, suppliers can match their products to their customers’ requirements.
- SCSA supports the integration of existing risk management tools and information security management systems (ISMS).
- Due to a consistent definition of assurance levels, the re-use of certificates from other cybersecurity certification schemes is supported.

CISA and FBI observe the increased use of Conti ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.

Technical Details

While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds used by affiliate cyber actors and receives a share of the proceeds from a successful attack.

Conti actors often gain initial access to networks through:

- Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links;
- Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
- Stolen or weak Remote Desktop Protocol (RDP) credentials
- Phone calls;
- Fake software promoted via search engine optimization;
- Common vulnerabilities in external assets.

In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.

Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks. The actors use tools already available on the victim network—and, as needed, add additional tools, such as Windows Sysinternals and Mimikatz—to obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.

According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network.

UK and US cyber security leaders meet to discuss shared threats and opportunities

National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.

Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.

Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.

During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.

NCSC Chief Executive Lindy Cameron said:

“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.

“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”

The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.

They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.

The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.

The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly bought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.

The basis for safer digital finance

The transformations we are seeing in numerous fields – from energy and mobility to health care, agriculture, and financial services – all hinge on digital technologies, along with an array of associated business ecosystems. All these technologies and systems must be reliable, secure and deserving of our trust.

The Financial Inclusion Global Initiative (FIGI) is an open framework for collaboration led by the International Telecommunication Union (ITU), the World Bank Group, and the Committee on Payments and Market Infrastructures (CPMI).

Our partnership brings together the expertise to accelerate digital financial inclusion. With the support of the Bill & Melinda Gates Foundation, we have brought together the full range of stakeholders set to benefit from this expertise.

The World Bank Group and CPMI have helped to build a strong understanding of the policy considerations surrounding digital identity and incentivizing the use of electronic of payments.

ITU’s work has focused on security, infrastructure and trust – secure financial applications and services, reliable digital infrastructure, and the resulting consumer trust that our money and digital identities are safe.
No more secrets

Considering the prevalence of data breaches, the need for strong authentication is clear, with discussions in the industry often noting that “there are no secrets anymore.”

New ITU standards for a universal authenticator framework (X.1277) and client-to-authenticator protocol (X.1278) are helping overcome the security limitations of the "shared secret" approach, the basis for the widely familiar username-password model of authentication.

Users can now authenticate locally to their device using biometrics, with the device then authenticating the user online with public key cryptography. With the new standards, users are asked to authenticate locally to their device only once, and their biometric data never leaves the device. This model avoids susceptibility to phishing, man-in-the-middle attacks, or other forms of attack targeting user credentials.

FIGI engagement helped to usher these specifications, first developed by the FIDO (Fast Identity Online) Alliance, into the ITU standardization process to stimulate their adoption globally. Authentication options consistent with X.1277 and X.1278 are now supported by most devices and browsers on the market.
Fortifying a walled garden

In developing countries, digital financial services are often provided over Signalling System No.7 (SS7), a legacy network protocol standardized by ITU in the late 1970s. SS7 enables all network operators to interconnect and looks sure to remain in use for years to come.

But security was not considered in its design. SS7 was designed as a walled garden. Entry to the SS7 network was intended to be highly regulated, with only trusted network operators being granted access. But malicious actors have since found various ways to get hold of the keys, especially since some of the initial design and deployment assumptions were no longer valid with the introduction of deregulation, voice over IP, and mobile networks.

FIGI has worked to raise awareness about SS7’s security vulnerabilities and associated mitigation techniques. As the need to mitigate these vulnerabilities increases, network operators can look to ITU’s new Q.3057 standard outlining signalling requirements and architecture for interconnection between trustable network entities. This is another standard rooted in FIGI discussions.
Reliable, widely available connectivity

Trust in digital financial services is also acutely affected by the reliability and availability of connectivity. Network downtime and transaction failures resulting from dropped connections can erode the trust of consumers and merchants in digital financial services.

Investment in digital infrastructure must continue, with the industry adopting meaningful, widely accepted benchmarks for service quality. ITU standards specify the route towards reliable, interoperable network infrastructure, and they provide a wide range of tools to assess the performance and quality of the services running over this infrastructure.

FIGI highlighted the demand for service quality indicators specific to digital financial services. With the expertise on hand at ITU, we have delivered new standards describing key quality considerations for digital financial services (ITU G.1033) and a methodology to assess the quality of user experience (ITU P.1052).
Security across the value chain
Every industry player involved in providing digital financial services has to be concerned about security risks. Security is only as strong as its weakest link, and innovation in digital finance continues to extend the length and increase the complexity of the underlying value chain.

Secure digital finance calls for coordinated defences that are attuned to evolving security threats. A key FIGI report outlines the security assurance framework needed to achieve this for each actor in the digital finance value chain.

The best practices suggested by the framework could form the basis for a safer business ecosystem. They reflect the needs of everyone involved, from customers to network operators and digital finance providers, right through to third-party providers interfacing with the financial system.

[Source: ITU]
1 2 3 15