Communication Middleware for Monitoring Financial Critical Infrastructure
Concept And Objectives

The financial industry is undergoing profound technological and usage related changes. Globalization, new technological trends, increasingly powerful customers, and intensified competition have brought about a shift in the internal organization of the industry’s infrastructure rom being confined within the organizational boundaries to a truly global ecosystem consisting of numerous interconnected financial domains and of interdependences with other critical infrastructures. The financial bodies as well as businesses and ordinary people worldwide are increasingly relying on this financial infrastructure for conducting their everyday financial activities. As of today, the overall number of transactions being conducted over the financial IT infrastructure amounts to millions per hour worldwide and several trillions of Euros/Dollars moved around the world every day1. Furthermore, the increasing portion of this traffic is carried over publicly accessible communication mediums (such as the Internet), and involves commodity hardware and software.

Protecting this infrastructure in the face of faults and malicious attacks is, therefore, crucial to ensure stability, availability, and continuity of the key financial markets and individual businesses worldwide. Traditional approaches to that have focused on protecting individual financial domains (such as banks or brokerage firms) while ignoring the threats arising from the cross-domain interactions as well as those originating from remote, seemingly unrelated critical infrastructures.

With today’s crumbling organizational boundaries, and the emerging trends towards fluid, globally integrated enterprises, these approaches are no longer adequate. In CoMiFin, we embark on a long-term research agenda aiming to develop a comprehensive approach to the financial infrastructure protection. In contrast to the existing work, we do not restrict our attention to protecting each individual financial domain, but rather focus on the entire financial ecosystem as a whole. Our specific objective in the CoMiFin timeframe will be to devise scalable distributed monitoring subsystem that will provide the relevant IT components of each participating financial domain with early notifications about faults and other potentially malicious activity originating at remote sites (possibly belonging to other critical infrastructures) thus enabling those components to trigger the necessary protective mechanisms in a timely fashion.