Securing the Future

Safeguarding the Modern Financial Infrastructure from Cyber Financial Warfare

Maria Constantinescu

MARCYSCOE

Member of the Advisory Board

The modern financial infrastructure is a highly interconnected high-tech system with information technology as its foundation. But finance is not only a component of the national economy, it is also a tool of warfare. It supports wars and national defence by providing the funds to procure weapons, train troops and develop capabilities, and in the current environment of hybrid threats, it has evolved into an effective weapon of war on its own. Unlike other means of warfare, financial warfare is less bound by geographical limits and more by its critical functions, assets, and liabilities, posing new risks and threats driven by information technology, geopolitics, and financial regulation. Adversaries range from nation-states to terrorist organizations, lone-wolf hackers, rogue employees, foreign corporations, domestic criminals, anarchists, and cyber mercenaries, necessitating a paradigm shift towards a comprehensive approach to defence.

As the global financial landscape continues to evolve, the increasing digitization of financial systems presents new challenges and vulnerabilities. This policy brief outlines key considerations and recommendations for policymakers to enhance the resilience of financial systems against cyber threats, ensuring the long-term stability of the national and global economy.

The modern financial infrastructure is subject to critical systemic risks and vulnerabilities due to its size, links, and speed. These risks are generated by a combination of economic, profit-driven and legislative factors, and amplified by the heavy reliance on computerized systems, which makes the infrastructure vulnerable to cyber-attacks and a potential target in hybrid warfare.

a. Too Big to Fail:

In the quest for improved efficiency and profits, financial companies may aggregate and reach significant sizes in terms of market share, becoming integral to the stability of the economy. In case of bankruptcy, their failure would cause significant damage to national or even global economic stability, requiring government intervention to bail out these private firms with public funds. The 2008 financial crisis that started in the US and spread globally was a stark reminder of this significant risk. The causes of that particular event were a combination of excessive risk-taking and inadequate regulatory oversight, but in the current technological and security environment, it is not improbable that a cyberattack could generate similar results. These institutions often handle vast amounts of sensitive financial data and transactions, making them attractive targets for malicious actors seeking to exploit vulnerabilities in their cyber-security defences. If a major financial institution were to suffer a significant cyber breach, it could lead to widespread economic instability, loss of confidence in financial systems, and a domino effect affecting other interconnected institutions.

b. Too Linked to Fail:

Because of the interconnected and interdependent nature of the modern financial infrastructure, a disruption to companies and networks that serve as important economic nodes in the system could lead to widespread damage, a significant blow to investor confidence and financial instability. Financial entities are increasingly interconnected through digital networks, shared platforms, and dependencies on common technologies. When a financial institution becomes too linked to others, the failure or compromise of its cybersecurity defences could propagate throughout the interconnected financial ecosystem, posing systemic risks. This is not a matter of size or market value, as the risk is also generated by smaller institutions, whose distress or failure may ripple across the system because of their linkages or crucial role.

c. Too Fast to Save:

As financial institutions leverage cutting-edge technologies such as high-frequency trading, real-time transactions, and automated processes, the speed at which they operate has become a critical factor in their competitiveness and profitability. However, this rapid pace also introduces vulnerabilities, as failures will propagate quickly and cause widespread damage. These vulnerabilities are amplified by the fact that financial markets are prone to panic and irrational behaviours, and that many institutions share the same profit-driven, short-term mindset and engage in similar and interdependent strategies that are modelled on the same biases and assumptions. Financial companies that prioritize speed and profit without adequate cybersecurity measures may find themselves vulnerable to sophisticated cyberattacks that can spread rapidly across their systems. A failure of one participant could create vicious cycles of volatility for the entire financial infrastructure, as actions cascade and generate feedback loops and spillover effects with serious, adverse systemic consequences.

d. Cryptocurrencies:

Cryptocurrencies have emerged as one of the most important financial and technological innovations of the current century, presenting both opportunities and challenges as tools of financial warfare. On the positive side, blockchain technology, which underlies cryptocurrencies, introduces enhanced security features that can be leveraged to improve cybersecurity. The decentralized and tamper-resistant nature of blockchain provides a transparent and immutable ledger, reducing the risk of fraud and unauthorized alterations to transaction records. Additionally, cryptographic techniques employed in cryptocurrencies enhance the privacy and security of financial transactions, providing users with a level of anonymity. Cryptocurrencies can also be leveraged as a tool to raise funds for government authorities, refugees and resistance movements in times of crisis.

However, the rise of cryptocurrencies has also brought about new challenges for cybersecurity. Their decentralized and pseudonymous nature can be an attractive feature for hostile actors seeking to disrupt economic stability. The relative anonymity of cryptocurrency transactions can be exploited to facilitate illicit financial activities, including evading international sanctions, collecting payments in ransomware attacks, funding clandestine operations, money laundering and the financing of terrorism.

Moreover, the increasing popularity of initial coin offerings (ICOs) and the creation of new digital tokens have given rise to fraudulent schemes and scams, requiring heightened vigilance from both regulators and users. Beyond the financial repercussions on naïve investors, malicious actors could strategically leverage cryptocurrencies, presenting them as an alternative to the national currencies in a campaign to undermine the trust of the population in the government authorities, central banks and national currency, diminishing resilience. The decentralized and borderless nature of cryptocurrencies also poses challenges for traditional regulatory bodies in tracking and preventing these activities, providing a covert avenue for financial warfare tactics.

e. Central Bank Digital Currencies (CBDC):

A Central Bank Digital Currency (CBDC) is a digital form of a country’s national currency that is issued and regulated by the central bank. Unlike cryptocurrencies, which operate on decentralized blockchain networks, CBDCs are centralized and typically utilize a distributed ledger technology under the control of the central bank. The aim of introducing CBDCs is to modernize the existing financial system, enhance efficiency, and address various challenges associated with traditional forms of money.

CBDCs hold the promise of enhancing financial inclusion and efficiency in payments, having the potential to streamline payment systems, reducing transaction costs and settlement times. Moreover, CBDCs offer central banks new tools for implementing monetary policy, enabling more precise control over interest rates and facilitating the implementation of unconventional policies to address economic challenges.

However, CBDCs also present risks and vulnerabilities. Beyond the privacy concerns and the potential risks to financial stability if their introduction is improperly managed, one of the major risks associated with a CBDC stems from cybersecurity threats, which make CBDCs a potential target in case of hybrid warfare. One of the primary concerns is the vulnerability of digital systems to cyberattacks, which could compromise the integrity and security of CBDC transactions. Given that CBDCs rely on advanced digital infrastructure, malicious actors may exploit weaknesses in these systems, leading to unauthorized access, data breaches, and potential financial losses. Additionally, due to the interconnected nature of digital financial platforms, a cyberattack on CBDC infrastructure could have cascading effects, impacting not only the central bank but also financial institutions, businesses, and consumers connected to the digital currency ecosystem. Such an event could disrupt payment systems, erode trust in the digital currency, and create financial instability.

For the sake of the argument, the financial weapons of war can be divided into analog weapons and cyber weapons, both of which can be used for offensive and defensive purposes, but in real life the line between the two categories is increasingly blurred. The high degree of digitalization of modern economies and financial systems makes it nearly impossible to draw a clear line between cyber warfare and financial warfare with respect to the use of financial weapons of war.

Analog financial weapons have long been used in connection with warfare to cut off funding for adversaries and they include economic sanctions, anti-money laundering regulations and banking restrictions.

a. Economic Sanctions:

Economic sanctions are used to cause financial damage to enemies in hot or cold wars, as a form of punitive measures employed by one or more countries against another as a non-military tool of coercion or pressure. The goal is to influence the targeted country’s behaviour by restricting its access to international trade, finance, and resources, with the ultimate aim of altering its policies, practices, or government actions. However, the effectiveness of such measures is controversial, as nations subject to economic sanctions may employ a variety of means to evade or mitigate the impact of sanctions, including engaging in illicit cyber activities, such as cryptocurrency-related operations, to bypass traditional financial systems and continue conducting international transactions. Economic sanctions can be used in conjunction with cyber offensive capabilities as a tool of hybrid warfare, as they may target the flow of technology, software, and digital services. This can include restrictions on the export or import of specific cybersecurity-related products, which may impact a nation’s ability to secure its networks and systems.

b. Anti-Money Laundering Regulations:

AML regulations focus on identifying and preventing illicit financial transactions, including those related to cybercrime, but they can also be employed to prevent the flow of funds towards terrorist organizations and enemy war efforts. AML regulations can be strategically employed to disrupt the financial activities of entities engaged in warfare, as governments may use these regulations to freeze assets, block transactions, and impose financial sanctions on individuals, organizations, or nations.

Innovations in financial technology, such as blockchain and artificial intelligence, are currently being explored to enhance AML compliance, as these technologies have the potential to improve the detection of suspicious transactions and enhance the traceability of funds.

c. Banking Restrictions:

The use of banking restrictions as a weapon of war involves imposing financial restrictions on a targeted nation or entity or isolating adversaries from the global banking system, to achieve strategic objectives, as a non-military tool to exert pressure, coerce compliance, or punish undesirable actions. The imposition of banking restrictions can contribute to the depreciation of a targeted nation’s currency, decrease in the purchasing power of the population, and may lead to hyperinflation, creating economic instability and social unrest.

Banking restrictions may involve freezing the assets of individuals, entities, or governments associated with the targeted nation, with the aim to disrupt their access to funds and financial resources, limiting their ability to finance military operations, support illicit activities, or sustain their economy. Governments can implement restrictions on financial transactions, including international trade, wire transfers, and currency exchanges, with the purpose of preventing the targeted nation’s ability to conduct normal economic activities, affecting trade, investment, and overall economic stability.

From a cyber-security perspective, banking restrictions can target entities involved in cyber warfare, limiting their access to financial resources. By freezing assets and blocking financial transactions, governments can disrupt the funding mechanisms supporting cyber operations, thereby hindering the development and execution of cyberattacks.

Imposing banking restrictions may also contribute to the financial isolation of the targeted nation, limiting its ability to invest in cybersecurity capabilities. Without access to international financial networks, the targeted nation may struggle to acquire advanced cybersecurity technologies, conduct research, or recruit skilled personnel to bolster its cyber defences.

The threat of banking restrictions has been touted as a deterrent against engaging in malicious cyber activities, as the potential economic consequences, including restricted access to global financial systems, are supposed to discourage nations or entities from conducting cyber warfare due to the anticipated impact on their economy and financial stability. The reality is yet to prove this argument, as state actors still have at their disposal numerous tools to counteract such measures. However, banking restrictions may prove more effective in preventing the financing of cybercrime activities. By disrupting the flow of funds used to support cybercriminals or state-sponsored hacking groups, governments aim to curb cyber threats and enhance global cybersecurity.

Although all the above financial weapons have a strong cyber component, cyber financial weapons have emerged as a specific category of weapons in modern hybrid warfare, facilitated by the rise and proliferation of the Internet and information technology. In modern hybrid warfare, the first shots of the battle may be fired in cyberspace and target the financial system, as part of grey zone tactics or even preceding a kinetic attack.

d. Distributed Denial-of-Service Attacks:

DDoS attacks are designed to overwhelm the targeted systems with a flood of traffic, rendering them unavailable to legitimate users. Nation-states may use DDoS attacks as part of a broader financial warfare strategy against other nations. By targeting the financial infrastructure of a rival nation, attackers can seek to weaken its economic stability, disrupt financial markets, and gain a strategic advantage in geopolitical conflict.

In the context of financial warfare, adversaries may launch DDoS attacks against the online platforms and services of financial institutions, disrupting their normal operations. This can result in service outages, making it difficult or impossible for customers to access their accounts, conduct transactions, or engage in other financial activities, creating mistrust in public authorities and potentially leading to social unrest, as not many people in the developed countries keep sufficient cash reserves. DDoS attacks can also be used strategically to create chaos and confusion in financial markets, by targeting the online trading platforms or communication networks of stock exchanges. Attackers can disrupt the real-time flow of market information, potentially leading to market manipulation, increased volatility, and financial losses for investors. As financial markets rely heavily on trust and confidence, DDoS attacks can be employed to erode investor confidence by repeatedly disrupting financial services, causing concerns about the reliability and security of the financial infrastructure. This loss of confidence may lead to panic selling, market instability, broader economic repercussions and decreased societal resilience.

e. Data Manipulation Hacks:

Data manipulation hacks or semantic attacks serve as another powerful cyber weapon of financial warfare. They are cyber aggressions that are intended to plunder or maliciously alter data towards destructive ends, as state or non-state actors can penetrate the networks of financial institutions and steal or manipulate critical data.

Attackers may manipulate financial data to influence market sentiment and impact asset prices. By spreading false information about companies, economic indicators, or geopolitical events, they can induce panic selling or buying, leading to market fluctuations. This type of manipulation can be financially advantageous for the attackers or aligned with broader economic or political goals.

Adversaries can compromise financial reporting systems to manipulate corporate financial statements or economic indicators. This false reporting can mislead investors, regulators, and the public about the financial health of companies or entire sectors, potentially leading to financial instability and erosion of investor confidence.

Data manipulation hacks can be used to facilitate insider trading. Attackers may gain unauthorized access to confidential financial information, manipulate data to create a false narrative, and use this information for trading activities before the manipulated data becomes public. This can result in illicit financial gains for the attackers and market disruptions.

Financial institutions rely heavily on accurate and reliable data for decision-making and risk management. Data manipulation attacks targeting these institutions can introduce errors into financial models, risk assessments, and regulatory compliance reports, which can undermine the stability of financial institutions, leading to operational challenges and potential systemic risks.

From a macroeconomic perspective, manipulating economic indicators, such as unemployment rates, inflation figures, or GDP growth, can erode public and investor confidence in a nation’s economic health. False or manipulated economic data can influence monetary policies, investment decisions, and overall economic stability, impacting national and global financial systems. Attackers may also manipulate data to influence the value of a nation’s currency. False reports or rumours about economic conditions, central bank policies, or geopolitical events can trigger currency fluctuations, with profound economic, psychological and societal consequences.

f. Destructive Intrusions:

Destructive intrusion attacks can target the core systems and infrastructure of financial institutions, including banks, stock exchanges, and payment processors. By deploying malware, ransomware, or other destructive tools, an attacker could perform an attack against a critical financial target to disrupt normal operations, leading to service outages, transaction failures, and delays in financial transactions, potentially with the goal of destroying the target before a military attack.

In the case of a non-state attacker, destructive intrusion attacks using ransomware may encrypt critical financial data and demand a ransom for its release. Financial institutions may be coerced into paying significant sums to regain access to their data, leading to financial losses and potential long-term damage to their reputation.

In the case of a state-sponsored attacker, financial warfare can extend to the sabotage of critical infrastructure that supports financial operations, such as data centres, communication networks, and cloud services that financial institutions rely on, crippling the financial industry’s ability to operate effectively.

1. Enhance Cybersecurity Measures:

A key area for enhancing cybersecurity is implementing and enforcing stringent cybersecurity standards for financial institutions, including regular audits, penetration testing, the design of advanced technological stress tests to assess the capabilities and vulnerabilities of IT systems, and even the adoption of advanced technologies such as artificial intelligence and blockchain for improved threat detection and prevention. Enhanced cybersecurity also depends on facilitating collaboration between government agencies, financial institutions, and cybersecurity experts to share threat intelligence and best practices and to coordinate responses to cyber threats.

2. Integrate Analog and Cyber Financial Warfare Strategies:

Analog and cyber weapons used in financial warfare can no longer be separated; consequently, an integrated approach is a necessity. Formulating and implementing a comprehensive defence strategy that specifically addresses the unique challenges posed by the interconnected and digitized financial infrastructure should be the starting point. This strategy should include guidelines for incident response, information sharing, and international cooperation and should be tailored to address all the comprehensive defence pillars (economic, psychological, social, military, civil, internal security), as they cannot be addressed in a segregated manner.

The next stage should be the development of hybrid warfare response plans, by creating a comprehensive strategic framework that integrates analog and cyber financial warfare measures to respond to potential threats. These plans should involve coordinated efforts across government agencies, military, intelligence, and financial institutions.

Another area of interest for decision makers should be increasing the level of resources to develop and enhance capabilities to counter both analog and cyber financial warfare tactics, including investing in technologies that can detect and mitigate cyber threats, as well as diplomatic efforts to strengthen international norms against economic coercion. As financial warfare and cyber warfare are borderless, no country can tackle this challenge in autarchy. Fostering collaboration with international partners to share intelligence and coordinate responses to hybrid financial warfare threats, establishing clear communication channels to address cross-border challenges and ensuring a unified front against adversaries are just a few of the required steps in this direction.

3. Build Resilience against Cyber Financial Weapons:

The use of analog and cyber financial weapons of war is particularly difficult to counteract, perhaps more so than missiles and bombs, because countering them requires a long-term vision, strategies, and determined and correlated measures between the government and the private sector. Financial institutions are, by definition, focused on balance sheets, profits and shareholder satisfaction, while enhancing cyber-security and fighting against an enemy attack is lower on their list of short-term priorities. Policymakers should design incentives to prompt private businesses to enhance cybersecurity capabilities, such as using tax credits, bonus depreciation, and increased deductions to encourage the replacement of outdated information systems and investment in secure systems. Also, governments can leverage their procurement power to encourage private financial firms to enhance cybersecurity by expressing a contracting preference for firms meeting government cybersecurity benchmarks.

Another recommendation refers to conducting regular cybersecurity drills, in collaboration with government agencies. Organizing simulated cyber warfare exercises for financial institutions, regulatory bodies, and government agencies to test response capabilities and identify areas for improvement is an affordable, proactive approach that can enhance readiness for potential cyber financial attacks. On the other hand, governments, and the military in particular, should also be aware of the threat posed by the use of financial tools of warfare and conduct military exercises incorporating serious threats to the financial system, involving both public and private resources to enhance preparedness.

Inter-institutional cooperation is crucial in this respect, requiring the development and implementation of regularly updated and rehearsed contingency plans that outline step-by-step responses to cyber financial attacks, including communication protocols, resource mobilization, and collaboration mechanisms. An efficient framework to encourage information sharing would also be desirable, in order to facilitate the exchange of threat intelligence and best practices among financial institutions, government agencies, and international partners, as well as establishing mechanisms for real-time information sharing during cyber incidents to facilitate swift and coordinated responses.

The modern financial infrastructure, driven by information technology, plays a dual role as both a cornerstone of economic stability and a potent tool of warfare. As financial systems become increasingly digitized, their vulnerability in the face of cyberattacks (by state-sponsored entities or profit-driven malicious actors) increases. In this context, a paradigm change about what constitutes warfare emerges, requiring a comprehensive approach to defence that encompasses not only technological advancements but also regulatory frameworks, international cooperation, and information sharing. Inter-agency collaboration is essential, as no single entity can address on its own the multifaceted challenges posed by the use of hybrid warfare tools.


MARCYSCOE is based at the Maritime University of Constanta, a Romanian public university that provides cybersecurity bachelor and master programs for the maritime industry.
