Vice President Mahamudu Bawumia has officially commissioned the Financial Industry Command Security Operations Centre (FICSOC) of the Bank of Ghana (BoG), aimed at combatting cybersecurity threats in the financial services sector.
Funded by the BoG, the FICSOC serves as a threat intelligence sharing platform to coordinate cybersecurity efforts within the banking and financial industry and enhance resilience against cyber and information security threats.
Initiated in November 2019, the project, the first of its kind in Africa, commenced operations in January 2023, and all commercial banks in Ghana have been connected to the platform as of April 2023.
During the inauguration in Accra, Vice President Bawumia emphasized that the facility would equip banks and financial institutions to effectively address severe and emerging cyber threats targeting the banking industry.
He acknowledged the transformative impact of digital technologies on the business models of financial institutions but also highlighted the inherent security vulnerabilities that pose significant cyber risks.
The Vice President emphasized that cybersecurity risks could impair operational capabilities and threaten the stability of financial institutions, as well as the entire financial system due to interconnectedness.
To enhance cyber resilience in Ghana's banking and financial industry, the Central Bank issued the Cyber and Information Security Directive (CISD) in October 2018, which outlines the industry's approach to cybersecurity defence and response.
The CISD mandates that each regulated financial institution implements Security Information and Event Management (SIEM) technology and establishes a Security Operations Centre (SOC) as its cyber nerve centre.
Additionally, the Bank of Ghana is responsible for establishing an industry SIEM system to receive logs, alerts, aggregated information, and reports from each institution's SIEM.
The establishment of the Financial Industry Command Security Operations Centre (FICSOC) is based on these requirements and aims to facilitate threat intelligence sharing, industry situational awareness, and incident response among regulated financial institutions.
Vice President Bawumia noted that as of April 2023, all commercial banks had been connected to the FICSOC, with cyber threat intelligence being communicated through FICSOC alerts and advisories.
The FICSOC platform ensures secure sharing, collaboration, risk analysis, resource allocation, and tailored threat understanding for each regulated financial institution and the banking industry as a whole.
Comprising integrated infrastructure and software solutions, the FICSOC includes Security Information and Event Management (SIEM), Threat Intelligence Sharing, Network Traffic Analysis, and Digital Forensic Laboratory components.
The Vice President expressed confidence that the FICSOC, through coordinated efforts between the regulator and member banks, would support regulated financial institutions in combating cybersecurity threats while maintaining operational independence and confidentiality.
He also emphasized that the FICSOC, classified as a Critical Information Infrastructure owned by the Bank of Ghana, would undergo mandatory compliance checks and audits under the Cybersecurity Act, 2020 (Act 1038) to protect Ghana's critical systems.
Dr Bawumia clarified that the FICSOC platform does not compete with or replace regulated institutions' cybersecurity risk management, including SOC operations, but rather complements their existing cyber and information security frameworks.
He commended the Bank of Ghana and Virtual InfoSec Africa for their pioneering efforts and encouraged a mindset of possibility, envisioning Ghana as a leader in various fields.