We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.
Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.
We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.
Our tech foundation is addressing the complex problems that face our nation today. Find out how you can join our efforts as we spur innovation for public good.
Establishing a two-lens methodology that helps keep people’s money safe throughout the mobile digital financial services ecosystem
Mobile digital financial services (mDFS) play a critical role in economies in developing countries. From paying for goods to receiving government benefits or compensation for work, in these areas of the world, cell phones and mobile apps are an essential component of the financial transaction system. MITRE Engenuity’s now-completed pilot program addressed the critical need for cybersecurity risk mitigation across the ecosystem.
Innovation in Action
Across the globe, many financial services are accessed using mobile phones, including:
point-of-sale purchases
sending money to friends or family
insurance and savings
digital wallet usage
app-based transactions (e.g., ride share, food delivery, bill paying)
As more people adopt “mobile money,” the risk of compromised transactions increases. The scope of mDFS is incredibly complex, involving a multitude of factors – socioeconomic, cultural, and technical – and many stakeholders, including wireless companies, banks, app developers, agent networks, governments, and more. Therefore, protecting mDFS becomes a multi-faceted challenge. To address the varied approaches of participants in the fintech ecosystem, MITRE Engenuity’s team set out to create a decision tool (cyber risk model) to help direct industry and government toward solutions-oriented investments.
Diving into these factors and exploring where risk could be assessed and how guidance could be provided to mitigate those risks
What We Did
Our project was designed to offer guidance for those looking to fortify their mDFS ecosystem and provide safer, more reliable storage and transfer of money. This was done by exploring questions such as:
What level of access to the internet do people in an area have?
What kinds of technologies are prominent among service providers in the country’s mobile money ecosystem?
Do citizens have access to smart phones?
What kind of policies are currently incentivizing or impeding access to mobile money?
Does the country have a national identity system that facilitates secure banking?
Is a nation experiencing political or societal struggles that may affect citizens’ access to mDFS?
What stakeholders in the country influence mobile money access—banks, government, network operators, start-ups?
Are any licensing requirements in place that address security?
By addressing these questions and others, our cyber risk model can produce recommendations on resource investments tailored to the specific risks most likely to affect secure access to mobile digital financial systems. In identifying these recommendations, our interactive digital cyber risk model tool uses a two-lens (technical and policy/governance) approach to estimate the impact of—and offer mitigants for—eight different kinds of threats to mobile digital financial systems.
By identifying key aspects of their ecosystem, users of the model can discover recommendations tailored to their country’s unique technology and policy environment that will reduce risk, improve access, and increase trust.
Impact
Secure access to money is essential for individuals to achieve political stability, gender equity, and economic advancement. Where traditional banking services are not available to many people, or have other barriers to use, mobile digital financial services can dramatically improve this access. Particularly in developing countries, people are increasingly using mobile devices to receive, transfer, and save money—but they are not always aware of the risks associated with these technologies. Recognizing the importance of mDFS, and the wide range of potential vulnerabilities associated with it, many stakeholders are looking for ways to improve access while reducing risk. Our Cyber Risk Model prototype is a decision tool that accounts for hundreds of factors within a highly complex ecosystem to evaluate risks to people, hardware, and software—and offer solutions.