AFBS Memo Cyber Security Oct 2017

Summary of Meetings

Purpose of meetings is to understand ongoing initiatives and benefit/involvement of AFBS and foreign banks.

Participants AFBS: Yvonne Chan, Citi; Raoul Würgler, AFBS

Swisscom, Flavio Gerbino 7.9.2017

Swisscom offers IT infrastructure to banks as well as healthcare and other industries; it covers 54% of domestically active banks. The offering is modular and goes from some specific activities to the fully-fledged bank outsourcing. It sees a growing trend of banks outsourcing non-core processes. Cyber resilience is part of the offering and Swisscom is investing to improve the infrastructure in that realm.

Swisscom aims at establishing a SOC and an early-warning mechanism to allow (client) banks to share alerts on a confidential basis. It conducts research and monitoring itself (dataflow, traffic volume, activity on the net and the darknet) in view of detecting modi operandi and of being able to act early. It has its own hacking team for internet and cyber security and cooperates with Fedpol, Switch and universities. It is looking for the adequate format for such a platform (c-cert based upon KOBIK being one possible solution).

The initiative and offering are similar to those of SIX Group; however, the focus is mainly on Swiss domestic banks, which does not fully match the focus of the foreign banks. Contact to be kept; no further action needed.

ETH Zürich, Prof Srdjan Capkun, Institute of Information Security ZISC 13.9.2017

ZISC is an industry-funded research centre founded in 2003 with 4 faculty, 60 PhD; it covers all topics related to cyber security; there is a partnership with CornellTech IC3 (with focus on blockchain and cryptocurrencies); ETH/ZISC is ranked 4th globally, Cornell 1st. Research is not targeted according to specific needs but free. Industry firms funding the centre have privileged access and regular exchange to share information and develop common projects.

Several startups grew out of the ZISC:

  • 3db: technology to make car locks safe, based upon vicinity control
  • Futurae: offers authentication through comparison of ambient sound registered from different devices.
  • Anapaya Systems: manages and restricts internet traffic upon geographical location
  • Securify: allows formal verification of blockchain contracts
    SC insists on blockchain being about integrity, not confidentiality; make sure all are at the same level.
  • Exeon performs traffic analysis and identification of security threats upon traffic data
  • DeepCode allows code generation and verification

The ZISC develops projects with SIX on network protection and with Swiss Post on phishing and on protection of low power radio networks. They developed a system to protect remote car locks through distance measurement and a solution to allow authenticated information to be transferred to a blockchain.

SWITCH, Martin Leuthold, Frank Herberg 20.9.2017

SWITCH was created by Swiss universities as a not-for-profit organisation to manage the internet among them and has become, and still is, manager of the top level domains .ch and .li. Over the past twenty years it has evolved into a service provider, among others in the realm of cyber security, where it runs a SOC and acts as a CERT. It continues to run IT for universities; security is at the core of its concerns. The Board gathers representatives from research institutes (Cern, PSI, CSCS centre for scientific computing Manno, etc.).

Since 2007 and following the first malware attacks on banks in Switzerland, Switch started operating malware monitoring and proposing countermeasures. It has developed competencies for malware detection and analysis and has created networks for the early detection and monitoring. It insists on the importance of merging knowledge of the local peculiarities and awareness of global developments to enhance cyber security. It thus coordinates networks for exchange of information among a small group of local banks and manages its incident handling, threat alerting, information sharing.

Switch entertains an inner circle of Swiss banks (Credit Suisse, PostFinance, Raiffeisen, cantonal banks) which are customers and an outer circle (+ UBS) which are not customers. It is open to extend collaboration and to find ways of extending collaboration to other banks / banking groups although it insists on the need of keeping groups small and cosy to assure information can flow smoothly in spite of its sensitivity. It is interested in facilitating its access to information on the international level through some sort of cooperation with foreign banks.

AFBS Conference and Roundtable 29.9.2017

The event started off with presentations from the Zürich prosecutor, SIX Group and Citi.

The prosecutor outlined the informal approach he adopts towards resolving cyber criminality: he has set up a competence centre for cyber criminality; it offers a preliminary informal investigation if the victim so wishes; information remains confidential and the investigation can be suspended at any point if the victim so decides; the prosecutor cooperates with police forces.

SIX Group presented the plans for the security operating centre (SOC), which is to offer the financial centre a platform for early warning and enhancement of security. The SOC operates through identification, detection and mitigation of threats and response to them. SIX aims at establishing the SOC as a trusted partner with state of the art infrastructure which is compliant with the major regulatory standards (IOSCO, FINMA, SNB) and ISO 27001.

C. Wetherill outlined the way in which Citi is fighting cyber crime at a global level; he underlined the importance of collaboration and connectivity in view of involving a wide range of partners and being able to benefit from mutual exchange of knowledge and experience, locally, regionally and internationally. Documentation is available on link.

economesuisse meeting with K.Todt, Liberty Group Ventures 4.10.2017

K.Todt is President and Managing Partner of Liberty Group Ventures, a US-based risk management consulting firm that assists clients in managing risks, especially in the realm of cyber. She drafted a report on cyber-security upon mandate by President Obama. She outlined the importance of interdependence of businesses, firms of different size and sectors; the necessity of individuals being put "in charge"; the risks due to users' lack of awareness of the threats their behaviour could cause; the importance of security by design being widely adopted. The ensuing discussion addressed the following points:

  • government agencies could constitute partners for collaboration and information sharing; however, they encounter restraints when deploying activities beyond national borders and when involving international firms;
  • exchange of information does not work well under all circumstances for lack of trust (backdoors in software allowing government to access servers were mentioned as one example undermining trust);
  • a "Geneva Convention" should be drafted in view of regulating the potential dual use of cyber intelligence, which appears to be misused not only by hackers but also by national governments;
  • common standards on IT security should be adopted to assure that the complexity of the environment is manageable also for small stakeholders, which may otherwise fall victim and constitute a threat to the entire network.

IBM, Oliver Kraus, David Kipfer 20.10.2017

Beyond operating its own SOC (Boston and Dublin), IBM is providing the infrastructure for the SIX SOC. With the assistance of IBM X-Force threat intelligence software, IBM is in a position to offer services for the prevention and detection of, protection against and reaction to IT incidents. It very much focuses on measures of both technical and organisational/procedural dimension. The collaborative X-Force platform offers access to a global network of intelligence and sharing of early information and knowledge. The platform covers intelligence, observation, exchange and thus collaboration. As a globally active firm, IBM encounters the same limits as the foreign banks with respect to information-sharing and cooperation with local government authorities (e.g. Melani).

IBM Watson for Cyber Security offers analytics of data from various sources and involves context evaluation of indicia upon which it elaborates insight into patterns of attack as well as possible reactions. It allows the persons in charge to benefit from a broad knowledge of cases and to take decisions more quickly.

Next Steps

AFBS Group Cyber meeting of 29.9.2017 concludes:

  • Attempt to contact EU FS-ISAC (contact through C.Wetherill?):
    The FS-ISAC was created in 1999 by the financial sector to offer globally active financial services firms the possibility of sharing information on physical and cyber security threats. The not-for-profit organisation allows members to submit information, which is examined by experts before being forwarded to the members together with recommended responses. The intermediation assures quality check and anonymity.
  • Understand possible cooperation with MELANI (ongoing through AFBS Secretariat).
  • Create a network among foreign banks for early warning and information sharing:
    • identify the person in charge with the bank; share a contact list among members AFBS Group Cyber
    • set up a platform for immediate information sharing: WhatsApp; offer the possibility to create easy to manage closed user groups
      This can be the starting point of a more sophisticated information sharing platform among foreign banks; it has the advantage of requesting small investment and being easy to set up.
      Please advise in case of interest.
  • Prepare a next AFBS Group meeting / AFBS Conference; possible topics/speakers:
  • invite authors of the WEF report on cyber resilience
  • Discuss the Federal Council's National Cyber Strategy NCS
  • Assess the SOC offering of SIX Group in cooperation with IBM