.svg)
The US Treasury has announced the completion of a three-day cyber incident response exercise in partnership with the Monetary Authority of Singapore (MAS).
Last week, the two agencies conducted an exercise that allowed them to “test and strengthen” their existing protocols for information exchange and response during cyber incidents.
The exercise was focused on potential cyber incidents involving multinational banks that operate in both jurisdictions.
Although the number of cyber threats and attacks in both countries continues to rise, their respective financial systems continue to become more interconnected, raising the potential impact of an attack or disruption.
Todd Conklin, deputy assistant secretary at the Office of Cybersecurity and Critical Infrastructure Protection at the Treasury, said the exercise was a “significant step” forward in ensuring that the two nations can adapt to the evolving threat profile.
“Every day we are reminded that cyber threats cross all national borders, as there has been an exponential growth in threat actor activities,” he said.
“We must have a coordinated international response to the increase in threats, as the interconnectedness of our financial systems makes us only as strong as our weakest endpoints.”
Following the exercise, the two agencies discussed possible enhancements in their cyber incident response protocols, including enhancements that could be made with input from other international partners.
In future, both agencies said they plan to expand these exercises to include more partners, and to hold bilateral workshops on cybersecurity policies and protocols with other agencies.
Vincent Loy, assistant managing director of technology at the MAS, said the exercise was a “key milestone” in bolstering the cybersecurity preparedness of the two countries’ financial systems.
“As the US and Singapore are major international financial hubs where a number of global systemically important banks operate, the cyber resiliency of these institutions in the respective countries has systemic implications for financial stability globally,” he said.
Growing cooperation
The exercise builds on a memorandum of understanding (MoU) on cybersecurity cooperation signed by the Treasury and the MAS in August 2021.
At the time, the two agencies said they had partnered on cyber threat information exchange since 2018, and the MoU would formalise and expand this cooperation.
The areas of cooperation that the two agencies agreed to enhance included information sharing related to the financial sector and cybersecurity regulations and guidance.
The two agencies also committed to joint cybersecurity staff training and study visits, and “competency-building activities” including cross-border cybersecurity exercises.
DBS disruptions turn heads at MAS
The exercise last week follows a major cyber incident in March this year involving DBS, Singapore’s largest bank by total assets.
On March 29, DBS informed the MAS that a ten-hour outage had left its customers unable to log into digital banking services.
In response, the MAS called the outage “unacceptable”, and ordered the bank to conduct an internal investigation on the root cause of the disruption and submit its findings to the MAS.
“DBS has fallen short of MAS’s expectations to maintain high system availability and ensure its IT systems are recovered expeditiously,” said the central bank.
“MAS will take the commensurate supervisory actions after gathering the necessary facts.”
The MAS also pointed out that it was particularly concerned about the security of DBS’ critical IT systems, given that DBS had already suffered a similar outage in November 2021.
Referred to by local media as the “worst outage in a decade”, the 2021 incident left DBS customers without access to digital banking services for 15 hours covering a two-day period.
As the outage entered its second day, DBS country head for Singapore Shee Tse Koon was forced to issue a video statement apologising to customers.
“We acknowledge the gravity of the situation and as we work to resolve matters, we seek your patience and understanding,” he said.
“I realise this is a cause for concern and frustration and am very sorry for the inconvenience and anxiety caused.”
In the meantime, DBS extended its services at all bank branches by two hours, and put all relationship managers and call centre customer service officers on standby to assist with urgent banking requests by phone.
Following the incident, the MAS imposed an additional capital requirement on DBS, and ordered the bank to appoint an independent expert to conduct a review of the incident and the bank’s recovery actions.
