29 November 2018

On 14 November 2018, the Association of Banks in Singapore (“ABS”) issued Guidelines for Cyber Security Exercises. These Guidelines were developed with the support of the Monetary Authority of Singapore (“MAS”) and are intended to strengthen the cyber resilience of Singapore’s financial sector.

Known as the Adversarial Attack Simulations Exercises (“AASE”) Guidelines or “Red Teaming” Guidelines, the Guidelines provide financial institutions (“FIs”) with best practices and guidance on planning and conducting Red Teaming exercises to enhance their security testing. “Red Team” exercises would entail the simulation of attacks, tactics and procedures based on intelligence about prevailing and/or probable cyber threats and incidents.

Such simulations will provide insight on organisational resilience, testing the robustness of an FI’s cyber defences. The exercise is conducted in the FI’s actual operating environment, allowing FIs to identify gaps in their people, processes and technologies.

The AASE Guidelines will complement the FIs’ existing cybersecurity testing programmes and further strengthen their ability to assess the effectiveness of their cybersecurity measures to detect and respond to sophisticated incidents. The MAS’ Chief Cyber Security Officer notes that the AASE mimic the modus operandi of cyber criminals in targeting the actual operating environments of FIs making it an effective method of FI cyber resilience assessment.

Reference materials

The following materials are available on the ABS website www.abs.org.sg:

 

Download PDF