Hong Kong banks lag in threat intelligence

Hong Kong banks still have a long way to go in putting effective threat intelligHong Kong banks still have a long way to go in putting effective threat intelligence in their respective organization, banking and security insiders say.

“Although improving (thanks in part to the HKMA’s initiative), banks in Hong Kong are still in general lagging when it comes to having effective cyber threat intelligence (CTI) frameworks,” said Paul Jackson, Asia-Pacific Leader, Cyber Security and Investigations Practice, Hong Kong at Kroll.

For over six months now, banks in Hong Kong have been connected to the Cyber Intelligence Security Platform (CISP), which is developed and operated by the Hong Kong Applied Science and Technology Research Institute (ASTRI). The local platform for sharing intelligence and information on cyberattacks among banks is one of three key elements of the HKMA’s Cybersecurity Fortification Initiative launched in May 2016.

Besides providing banks with cyber intelligence information from commercial and public domain and Chinese-language sources, ASTRI is also supplementing the information with analysis and reports. The data format for the intelligence provided on the CISP is based on the Structured Threat Information Expression (STIX) standard.

“The timeliness of receiving alerts or warnings from this commonly shared intelligence platform will help the banking sector to better prepare for possible cyberattacks,” said Celia Shing, secretary at Hong Kong Association of Banks, which commissioned ASTRI to develop the platform.

She added: “ASTRI will continue updating and enhancing the functionality of the platform based on feedback received from banks.”

Asked on an update on how the CISP is being operated and about the feedback from banks, HKAB declined to comment.

“Your enquiry pertaining to the operation of the CISP touches on the internal management of the system. We, therefore, are not able to share any specific information with you,” she said.

CISP: a work in progress

Indeed, the first version of the CISP, which was launched in December 2016, remains a work in progress.

Michael Leung, CIO and COO, China CITIC Bank International told Computerworld Hong Kong that since the CISP is relatively new, more details are yet to be clarified.

“Banks are generally beefing up or gearing up their cybersecurity incident and intelligence database as well as system interface in order to meet the CISP requirements. However, a lot of work has yet to come when more details become available,” he said.

According to Jackson of Kroll, the CISP is a good initiative and a step in the right direction.

“While it may not be at an ideal state yet, it has helped raise awareness as to where the gaps lie and banks are aware of this and are working towards improving the intelligence sharing to make this more meaningful and actionable,” he noted

He added that the greatest challenge in a CISP in the banking sector is the diversity of the financial institutions and language issues.

“Some banks have extremely mature cybersecurity and intelligence capabilities, whereas other may be at a very different level. Bringing everyone up to the same level and engendering the trust that is needed for intel sharing will take time. These types of skills and expertise are also in very short supply,” Jackson said.


Research Notes News and Opinions