Veep Opens BoG’s Cybersecurity Centre

Dr. Mahamudu Bawumia with BoG officials after unveiling the plaque

Vice President Dr. Mahamudu Bawumia yesterday commissioned the Bank of Ghana’s newly established Financial Industry Command Security Operations Centre (FICSOC), which would protect banks and financial institutions from cyber-attacks.

The establishment of the centre forms part of the broad, ongoing measures to strengthen the cyber security landscape for the banking and financial services industry in Ghana.

The FICSOC is intended to prevent, rapidly detect, share information and respond to cyber threats aimed at the industry and ultimately the entire nation.

The Vice President, speaking at the commissioning, emphasised the need of a strong cybersecurity infrastructure in sustaining trust in the financial sector, particularly as it adjusts to the growing influence of digital technology in the provision of financial services.

According to him, this is because the use of digital technologies continues to revolutionise financial institutions’ business models by providing new revenue and value-creation options.

While he acknowledged that these digital technologies underpin financial services and enable banking strategy, he was quick to admit that the underlying security flaws offer significant cyber risks to these organisations.

“Cybersecurity risks may impair operational capabilities and threaten the viability of financial institutions. Likewise, the contagion of cyber risk in a financial system is heightened by the extent of interconnectedness and therefore, any severe cyber-attack could threaten the stability of the financial system,” he stated.

Dr. Bawumia said this was the impetus for the central bank to publish the Cyber and Information Security Directive (CISD) in October 2018, which mainly outlined the industry’s strategy to cybersecurity protection and response.

The directive mandates that each regulated financial institution implement a Security Information and Event Management (SIEM) technology that provides real-time analysis of security alerts generated by network, hardware, and applications, and establish a Security Operations Centre (SOC) to serve as its cyber nerve centre, staffed by designated employees.

In addition, the Bank of Ghana was mandated to establish an industry SIEM system to receive logs/alerts, aggregated information, and reports from each institution’s SIEM.

These requirements formed the foundation of the Financial Industry Command Security Operations Centre (FICSOC).

The FICSOC Project aimed at threat intelligence-sharing, industry situational awareness and incident response among its regulated financial institutions.

“I am reliably informed that as of April 2023, all commercial banks had been connected to the FICSOC and reporting of cyber threat intelligence in the form of FICSOC alerts and FICSOC advisories is being communicated to these banks,” Dr. Bawumia stated.

He noted that the platform was built for safe exchange and cooperation, as well as to assist risk analysis and prioritisation, resource allocation, and threat understanding specific to each regulated financial institution and the banking industry.

The FICSOC comprises the integrated infrastructure and software solutions to gather, process and share threat intelligence.

These components include the Security Information and Event Management (SIEM), Threat Intelligence Sharing, Network Traffic Analysis and Digital Forensic Laboratory.

The Vice President is therefore of the conviction that with a coordinated approach between the regulator and member banks, the FICSOC would broadly support regulated financial institutions to collaboratively fight cybersecurity threats while maintaining independence and confidentiality in day-to-day operations.

In addition, he said, the FICSOC, as part of the Critical Information Infrastructure owned by the Bank of Ghana, will undergo mandatory compliance checks and audits under the Cybersecurity Act, 2020 (Act 1038) to protect Ghana’s critical systems and enhance the existing collaborative efforts between the Bank of Ghana and the Cyber Security Authority (CSA).

Dr. Bawumia explained that the FICSOC platform was neither in competition with nor a replacement for regulated institutions’ cybersecurity risk management (including the SOC operations) but rather complements each financial institution’s cyber and information security management framework.

Hence, the responsibility for cyber and information security risk management ultimately lies with each regulated financial institution, not FICSOC operators or the Bank of Ghana.

“What the Bank of Ghana and Virtual InfoSec Africa have done tells us that we have to eschew the mindset of impossibility and believe that it is possible for us to lead the continent and even the world in many areas,” Dr. Bawumia said.

The FICSOC project was funded by the Bank of Ghana (BoG) as a threat intelligence sharing platform to coordinate cybersecurity efforts within the banking and financial industry, as well as build cybersecurity resiliency against cyber and information security threats.

The project, the first of its kind in Africa, was initiated by the BoG in November 2019 and became operational in January 2023.

It was designed by Virtual InfoSec Africa Limited, a wholly-owned Ghanaian information and cybersecurity services company.  As of April 2023, all commercial banks in Ghana have been connected to the platform.

By Charles Takyi-Boadu, Presidential Correspondent