The Council of Financial Regulators (CFR) released a framework in December 2020 that can be used to build Red Team scenarios to test the level of Australian financial services industry’s cyber resilience. A proactive stance to cyber security is required to maintain information security capabilities that commensurate with the size and extent of the threats its information assets face.
The Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework is a pilot programme of exercises that will mimic the Tactics, Techniques and Procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated or planned for. Also known as Red Team exercises, these help Financial Institutions(FI) stay competitive and secure by leveraging an unbiased view, and by third-party providers mimicking real-world Advanced Persistent Threats (APTs).
The pilot program will focus on the following objectives:
• Provide data and information to inform relevant Australian Regulators of systemic weaknesses that may present a risk to the integrity of the Australian financial markets and financial system.
• Assess FI’s resilience to known adversaries targeting the FI (based on Threat Intelligence).
• Provide the relevant Regulator and FI with a plan of remediation to address any identified weaknesses.