Nordic Financial CERT is a nonprofit organization governed and paid for by its members in the Nordic financial industry.
It aims to have a hub in Norway, with local employees in Finland, Sweden, Denmark and Norway, connecting all the local stakeholders in the Nordic countries, including police, CERTs and others.
The purpose of Nordic Financial CERT is to strengthen the Nordic financial industry’s resilience to cyber attacks, by enabling Nordic financial institutions to respond rapidly and efficiently to cyber security threats and online crime. As a collaborative initiative, it allows members to work together when handling cyber crime, sharing information and responding to threats in a coordinated manner.
Financial sector collaboration in Norway has proven effective in providing communication channels, cyber incident and threat information sharing, and incident handling. Nordic Financial CERT takes this to another level and establishes a common collaboration and communication platform for the financial industry across borders. It expands existing networks by extending from the successful Norwegian model, FinansCERT, to bring all Nordic members together in collaboration, dialogue, support and partnership.
The initiative creates a joint effort to proactively identify threats, coordinate incident response, provide incident handling support, and ensure overall protection from various cyber criminal activities. This provides a safety net for small and large members, and is based on subject-matter expertise, dialogue, understanding the members’ needs, and prioritising the human factor in building and fostering networks of trust. It promotes a collaborative culture with information sharing to engage and protect the Nordic financial community and their customers.
Vision and mission
Today each country has at least one forum for sharing information, knowledge, and Indicators of Compromise (IOCs). Unfortunately, criminals do not care about borders and, therefore, we should also expand our views to not only look in our own backyard, but also establish information about what is going on in the neighbour region, and learn from each other by binding information together.
Strengthen the Nordic financial industry’s resilience to cyber attacks, to ensure safe and trustworthy financial services in the Nordic societies.
Nordic Financial CERT enables Nordic financial institutions to respond to cyber security threats and online crime rapidly and efficiently. This will be achieved by:
- facilitating information sharing between members, partners and governmental institutions
- publishing threat information and offering Threat Intelligence services (TI)
- coordinate and assist in cyber threat and online crime mitigation activities
Why have a Nordic Financial CERT?
Our Nordic members have shared and collaborated informally – and formally, but ad-hoc – for many years already.
We are not starting at zero, but with the Nordic Financial CERT we are taking the next step – together.
- The Nordic financial industry is highly digitized
- Most payments are digital (>90%)
- Our Nordic societies depend on trustworthy digital financial services
- The digital/cyber threat picture is developing rapidly
- The criminals/attackers are collaborating and sharing, taking full advantage of digital collaboration. Criminals are collaborating, why shouldn’t we?
- Best practice in response is to share and collaborate
Nordic Financial CERT was founded in Oslo, Norway June 26th 2017 and is built on FinansCERT Norge AS.
The journey so far
April 7, 2017 — Founder's Agreement signed by Nordea, DNB, Danske Bank and FinansCERT.
May 18, 2017 — Intro event Danish financial sector & partners.
June 26, 2017 — Nordic Financial CERT association created.
July 31, 2017 — Start onboarding Danish members. Recruit Danish representative and more experts.
September 27, 2017 — Nordic Financial CERT intro event Finnish and Icelandic financial sector & partners.
November 1, 2017 — Start transfer of the Norwegian members and agreements.
November 6, 2017 — Nordic Financial CERT intro event Swedish financial sector & partners.
Extended timeline – build-up
2007 — First internet banking malware attacks in Norway
2008–2011 — Formal and informal collaboration
2012 — FinansCERT working group. Busy trojan year.
2013–2017 — FinansCERT Norway
2017– — Nordic Financial CERT
Board of directors
Chair of the Board
- Berit Børset, DNB
Vice Chair of the Board
- Espen Jul Larsen, Gjensidige
- Poul Otto Schousboe, Danske Bank
- Tapio Saarelainen, Nordea
- Vibeke Reigstad, Sbanken
- Steingrim Soug, Eika
- Vidar E. Eide, SpareBank 1
- Jan Daniel Juniszewski, Handelsbanken
- Preben Amsinck, Nykredit
Work with us
Articles of Association
The Nordic Financial CERT’s Articles of Association have been approved by the founders, Danske Bank, Nordea, DNB and FinansCERT Norway, on June 26th, 2017. The document defines, among others, the purpose of the Association, the Member’s eligibility, the Application for Membership, General meetings, the Board of directors, and termination of the Membership.
What we do
Threat intelligence and information sharing gives an overview of the situational picture and threat picture
Specialist support for incident handeling and damage control on certain incidents
Coordinating response, including the use of resources in the network
Information sharing community with members, and an extensive external network
Our current members
Nordic Financial CERT has a three year establishment plan, and as of the end of 2017 there are members in all five Nordic countries. Most Norwegian and Danish banks are already members, as well as many insurance/life insurance companies and other financial institutions.
- Get «plugged in» to a Nordic financial industry network which focuses on handling cyber threats (Which is turn is «plugged in» to European and global networks.)
- Get access to knowledge and information (including closed and non-public information)
- Become a part of an active community of industry professionals whose job is to mitigate cyber risks in their institutions
- Do «your share» and contribute to our purpose and vision of ensuring safe and trustworthy financial services in the Nordic society
- Join a forward-thinking group of financial institutions who want to do their part in keeping our rapidly digital Nordic society trustworthy – and who wants to do more to meet the threats – together.
Members, vendors and partners
Eligible members, vendors and partners for Nordic Financial CERT are:
Members: An entity that is a licensed financial institution or that is subject to the supervision of a financial supervisory authority of a Nordic Country is eligible to be a member of Nordic Financial CERT.
Vendors: E.g. key member vendors
Partners/stakeholders: E.g. government (police, national CERT, FSA, central banks)
The Nordic Financial CERT builds formal and informal relations with police, national CERTs and other government institutions in the Nordic countries – this is central to the way we work with handling incidents.