Abstract
The increasing outsourcing by financial intermediaries intensifies the interconnection of the financial system with third-party providers. Concentration risks can materialize and threaten financial stability if these third-party providers are affected by cyber incidents. With the goal of preserving financial stability, regulators are interested in tracing cyber incidents efficiently. One method to achieve this is cyber map**, which allows them to analyze the connections between the financial network and the cyber network. In this paper, a provenance-aware knowledge graph is constructed to model this kind of map** for investment funds which are part of the German financial system. As a first application, we provide a front-end for analyzing the funds’ outsourcing behaviors. In a user study with ten experts, we evaluate and show the application’s usability and usefulness. Time estimations for certain scenarios indicate our application’s potential to reduce time and effort for supervisors. Especially for complex analysis tasks, our cyber map** solution could provide benefits for cyber risk monitoring.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
References
Abu-Salih, B.: Domain-specific knowledge graphs: a survey. J. Netw. Comput. Appl. 185, 103076 (2021). https://doi.org/10.1016/J.JNCA.2021.103076
Adamcyk, M., Drougkas, A., Philippou, E., Abel, P., Gratiolet, F., Maaskant, E.: NIS investments - cybersecurity policy assessment, November 2023. Technical report, European Union Agency for Cybersecurity (ENISA) (2023). https://www.enisa.europa.eu/publications/nis-investments-2023
Adelmann, F., et al.: Cyber Risk and Financial Stability: It’s a Small World After All. IMF Staff Discussion Notes (2020). https://www.imf.org/en/Publications/Staff-Discussion-Notes/Issues/2020/12/04/Cyber-Risk-and-Financial-Stability-Its-a-Small-World-After-All-48622
Bank of England: Operational resilience: Critical third parties to the UK financial sector. PRA Discussion Paper 3/22 and FCA Discussion Paper 22/3 (2022). https://www.bankofengland.co.uk/prudential-regulation/publication/2022/july/operational-resilience-critical-third-parties-uk-financial-sector
Beckett, D., Berners-Lee, T., Prud’hommeaux, E., Carothers, G.: RDF 1.1 Turtle (2014). https://www.w3.org/TR/turtle/
Belhajjame, K., et al.: PROV-O: The PROV Ontology (2012). http://www.w3.org/TR/prov-o/
Bennett, M.: The financial industry business ontology: best practice for big data. J. Bank. Regul. 14(3), 255–268 (2013). https://doi.org/10.1057/jbr.2013.13
Brauchle, J.P., Göbel, M., Seiler, J., von Busekist, C.: Cyber map** the financial system. Technical report, Carnegie Endowment for International Peace (2020). http://www.jstor.org/stable/resrep24291
Bundesamt für Justiz [German Federal Office of Justice]: Gesetz zur Stärkung der Finanzmarktintegrität (Finanzmarktintegritätsstärkungsgesetz – FISG) [Act to Strengthen Financial Market Integrity (Financial Market Integrity Strengthening Act)] (2021). https://www.bgbl.de/xaver/bgbl/start.xav#__bgbl__%2F%2F*%5B%40attr_id%3D%27bgbl121s1534.pdf%27%5D__1699873137312
Bundesamt für Sicherheit in der Informationstechnik [Federal Office for Information Security]: Die Lage der IT-Sicherheit in Deutschland 2023 [The state of IT security in Germany in 2023]. Technical report, Bundesamt für Sicherheit in der Informationstechnik [Federal Office for Information Security] (2023). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2023.html
Bundesanstalt für Finanzdienstleitsungsaufsicht [German Federal Financial Supervisory Authority] (BaFin): Auslagerungen: Landkarten bieten Orientierung [Outsourcing: Maps Provide Orientation] (2022). https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Fachartikel/2022/fa_bj_2208_Auslagerungen_Landkarten.html
Bundesanstalt für Finanzdienstleitsungsaufsicht [German Federal Financial Supervisory Authority] (BaFin): Wertschöpfungsketten im Finanzsektor: Empfehlungen zur IT-Aufsichtspraxis [Value chains in the financial sector: recommendations for IT supervisory practice] (2022). https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Fachartikel/2022/fa_bj_2207_uni_innsbruck_wertschoepfungsketten.html
Böhme, R., Pesch, P.J., Fritz, V.: Auswirkungen sich verändernder Wertschöpfungsketten im Finanzsektor auf die IT-Sicherheit [Effects of changing value chains in the financial sector on IT security] (2022). https://www.bafin.de/SharedDocs/Downloads/DE/Bericht/dl_abschlussbericht_forschungsprojekt_uni_innsbruck.pdf?__blob=publicationFile
Clancy, L., Mourselas, C.: Ion cyber outage continues as banks rely on workarounds (2023). https://www.risk.net/derivatives/7955967/ion-cyber-outage-continues-as-banks-rely-on-workarounds
Deng, Y., Lu, D., Huang, D., Chung, C., Lin, F.: Knowledge graph based learning guidance for cybersecurity hands-on labs. In: Proceedings of the ACM Conference on Global Computing Education, CompEd 2019, Chengdu, Sichuan, China, 17–19 May 2019, pp. 194–200. ACM (2019).https://doi.org/10.1145/3300115.3309531
Dimou, A., Sande, M.V., Colpaert, P., Verborgh, R., Mannens, E., de Walle, R.V.: RML: a generic language for integrated RDF map**s of heterogeneous data. In: Proceedings of the Workshop on Linked Data on the Web co-located with the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea, 8 April 2014. CEUR Workshop Proceedings, vol. 1184. CEUR-WS.org (2014). http://ceur-ws.org/Vol-1184/ldow2014_paper_01.pdf
Elhammadi, S., et al.: A high precision pipeline for financial knowledge graph construction. In: Proceedings of the 28th International Conference on Computational Linguistics, COLING 2020, Barcelona, Spain (Online), 8–13 December 2020, pp. 967–977. International Committee on Computational Linguistics (2020). https://doi.org/10.18653/V1/2020.COLING-MAIN.84
European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), European Securities and Markets Authority (ESMA): Joint European Supervisory Authorities’ Technical Advice (ESA 2023 23). Technical report, European Banking Authority (EBA) and European Insurance and Occupational Pensions Authority (EIOPA) and European Securities and Markets Authority (ESMA) (2023). https://www.eba.europa.eu/sites/default/files/document_library/Publications/Other%20publications/2023/JC%20technical%20advice%20on%20DORA/1062226/Joint-ESAs%E2%80%99%20response%20to%20the%20Call%20for%20advice%20on%20the%20designation%20criteria%20and%20fees%20for%20the%20DORA%20oversight%20framework_final.pdf
European Central Bank (ECB): Guideline (EU) 2018/876 of the European Central Bank of 1 June 2018 on the Register of Institutions and Affiliates Data (ECB/2018/16). Official Journal of the European Union, pp. 3–21 (2018). https://eur-lex.europa.eu/eli/guideline/2018/876
European Systemic Risk Board (ESRB): Systemic cyber risk. Technical report, European System of Financial Supervision (ESFS) (2020). https://www.esrb.europa.eu/pub/pdf/reports/esrb.report200219_systemiccyberrisk~101a09685e.en.pdf
European Systemic Risk Board (ESRB): Mitigating systemic cyber risk. Technical report, European System of Financial Supervision (ESFS) (2022). https://www.esrb.europa.eu/pub/pdf/reports/esrb.SystemiCyberRisk.220127~b6655fa027.en.pdf
Fensel, D., et al.: Knowledge Graphs - Methodology, Tools and Selected Use Cases. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37439-6
Financial Stability Board (FSB): Third-party dependencies in cloud services - Considerations on financial stability implications. Technical report, FSB (2019). https://www.fsb.org/wp-content/uploads/P091219-2.pdf
Foroutan, N., Schröder, M., Dengel, A.: CO-fun: a German dataset on company outsourcing in fund prospectuses for named entity recognition and relation extraction. CoRR abs/2403.15322 (2024). https://arxiv.org/abs/2403.15322
Gruber, T.: A translation approach to portable ontology specifications. Knowl. Acquis. 5(2), 199–220 (1993)
Handelsblatt: Nach Cyberangriff: Evotec verlässt MDax wegen Fristverletzung [After cyber attack: Evotec leaves MDax due to deadline violation] (2023). https://www.handelsblatt.com/finanzen/maerkte/aktien/chart-des-tages-nach-cyberangriff-evotec-verlaesst-mdax-wegen-fristverletzung/29133970.html
Harry, C., Gallagher, N.: Classifying Cyber Events: A Proposed Taxonomy. Center for International and Security Studies at Maryland (CISSM), Cyber Attacks Database (2018). https://cissm.liquifiedapps.com/#about
Hartig, O.: Foundations of RDF\(\star \) and SPARQL\(\star \) (an alternative approach to statement-level metadata in RDF). In: Proceedings of the 11th Alberto Mendelzon International Workshop on Foundations of Data Management and the Web, Montevideo, Uruguay, 7–9 June 2017. CEUR Workshop Proceedings, vol. 1912. CEUR-WS.org (2017). https://ceur-ws.org/Vol-1912/paper12.pdf
Hellmann, S., Lehmann, J., Auer, S., Brümmer, M.: Integrating NLP using linked data. In: Alani, H., et al. (eds.) ISWC 2013. LNCS, vol. 8219, pp. 98–113. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41338-4_7
Hinderks, A., Schrepp, M., Thomaschewski, J.: User Experience Questionnaire, Data Analysis Tools. Website (2023). https://www.ueq-online.org/
Huakui, L., Liang, H., Feicheng, M.: Constructing knowledge graph for financial equities. Data Anal. Knowl. Discov. 4(5), 27–37 (2020)
(IMF), I.M.F.: Norway: Financial Sector Assessment Program. Technical Note - Cybersecurity Risk Supervision and Oversight. IMF Staff Country Report 2020/262. Technical report, IMF (2020). https://www.imf.org/~/media/Files/Publications/CR/2020/English/1NOREA2020004.ash
Jia, Y., Qi, Y., Shang, H., Jiang, R., Li, A.: A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1), 53–60 (2018). https://doi.org/10.1016/j.eng.2018.01.004
Kiesling, E., Ekelhart, A., Kurniawan, K., Ekaputra, F.: The SEPSES knowledge graph: an integrated resource for cybersecurity. In: Ghidini, C., et al. (eds.) ISWC 2019. LNCS, vol. 11779, pp. 198–214. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30796-7_13
Laugwitz, B., Held, T., Schrepp, M.: Construction and evaluation of a user experience questionnaire. In: Holzinger, A. (ed.) USAB 2008. LNCS, vol. 5298, pp. 63–76. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89350-9_6
Panetta, F.: The Quick and the Dead: building up cyber resilience in the financial sector. Technical report, European Central Bank (ECB) (2023). https://www.ecb.europa.eu/press/key/date/2023/html/ecb.sp230308~92211cd1f5.en.html
**le, A., Piplai, A., Mittal, S., Joshi, A., Holt, J., Zak, R.: Relext: relation extraction using deep learning approaches for cybersecurity knowledge graph improvement. In: ASONAM 2019: International Conference on Advances in Social Networks Analysis and Mining, Vancouver, British Columbia, Canada, 27–30 August 2019, pp. 879–886. ACM (2019). https://doi.org/10.1145/3341161.3343519
Resano, J.R.M.: Digital resilience and financial stability. The quest for policy tools in the financial sector. Technical report, Banco de España (2022). https://dx.doi.org/10.2139/ssrn.4336381
Ros, G.: The Making of a Cyber Crash: A Conceptual Model for Systemic Risk in the Financial Sector. ESRB: Occasional Paper Series No. 2020/16 (2020). https://dx.doi.org/10.2139/ssrn.3723346
Schreiber, G., Raimond, Y.: RDF 1.1 Primer (2014). https://www.w3.org/TR/rdf11-primer/
Syed, Z., Padia, A., Finin, T., Mathews, M.L., Joshi, A.: UCO: a unified cybersecurity ontology. In: Martinez, D.R., Streilein, W.W., Carter, K.M., Sinha, A. (eds.) Artificial Intelligence for Cyber Security, Papers from the 2016 AAAI Workshop, Phoenix, Arizona, USA, 12 February 2016. AAAI Technical Report, vol. WS-16-03. AAAI Press (2016). http://www.aaai.org/ocs/index.php/WS/AAAIW16/paper/view/12574
The European Parliament and the Council of the European Union: Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 (2022). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022R2554 &from=FR
Wang, W., Xu, Y., Du, C., Chen, Y., Wang, Y., Wen, H.: Data set and evaluation of automated construction of financial knowledge graph. Data Intell. 3(3), 418–443 (2021). https://doi.org/10.1162/DINT_A_00108
Zehra, S., Mohsin, S.F.M., Wasi, S., Jami, S.I., Siddiqui, M.S., Raazi, S.M.K.: Financial knowledge graph based financial report query system. IEEE Access 9, 69766–69782 (2021). https://doi.org/10.1109/ACCESS.2021.3077916
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Schröder, M. et al. (2024). Towards Cyber Map** the German Financial System with Knowledge Graphs. In: Meroño Peñuela, A., et al. The Semantic Web. ESWC 2024. Lecture Notes in Computer Science, vol 14664. Springer, Cham. https://doi.org/10.1007/978-3-031-60626-7_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-60626-7_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60625-0
Online ISBN: 978-3-031-60626-7
eBook Packages: Computer ScienceComputer Science (R0)