Directors' Resource Center
Technical Assistance Video Program
Cyber Challenge: A Community Bank Cyber Exercise
The FDIC created Cyber Challenge: A Community Bank Cyber Exercise to encourage community financial institutions to discuss operational risk issues and the potential impact of information technology disruptions on common banking functions.
- Vignette 1 Farmers & Merchants Bank of Dauerville
Item Processing Failure
A new item processing service provider cannot process the volume of transactions generated by the bank. - Vignette 2 Farmers State Bank of Robertsburgh
Customer Account Takeover
A corporate customer reports unauthorized withdrawals on its account. - Vignette 3 The State Bank of Town City
Bank Internal Error/Phishing and Malware Problem
Bank staff receive a phishing email that appears to have been sent by the institution's president. - Vignette 4 People's State Bank of Morello
Technology Service Provider Problem
Problems ensue after the financial institution's service provider updates its system. - Vignette 5 Farmers Bank of Westburg
Distributed Denial of Service (DDoS) Attack
The bank IT manager investigates a possible DDoS attack and discovers a second attack that steals data from the institution. - Vignette 6 Farmers State Bank of Robertsburgh
Automated Teller Machine (ATM) Malware
ATM malware reveals deficiencies in a bank's service provider contract. - Vignette 7 People's State Bank of Morello
Ransomware
A cyber-attack has taken place, and important files are being held for ransom. - Vignette 8 Eau Rapides Bank
Flood
Communications problems ensue after the bank’s data center floods. - Vignette 9 Bank of Lieferkette
Supply Chain
Third-party software update infects the bank’s system, disrupting core processing and steals data.
Suggested Guidelines and Ground Rules
Institutions may use a free-flowing or facilitated discussion of the vignettes. Here are guidelines for organizing a discussion and suggested ground rules. Participants in the Cyber Challenge should treat it as a data-gathering event and follow a non-attribution policy. Participants may want to record their discussions during the exercise to help compile lessons learned and identify areas for improvement.
Vignette 1 Farmers & Merchants Bank of Dauerville
Item Processing Failure
A new item processing service provider cannot process the volume of transactions generated by the bank.
Approximate run time: 03:47
Challenge Materials - PDF
Vignette 2 Farmers State Bank of Robertsburgh
Customer Account Takeover
A corporate customer reports unauthorized withdrawals on its account.
Approximate run time: 02:46
Challenge Materials - PDF
Vignette 3 The State Bank of Town City
Bank Internal Error/Phishing and Malware Problem
Bank staff receive a phishing email that appears to have been sent by the institution's president.
Approximate run time: 01:36
Challenge Materials - PDF
Vignette 4 People's State Bank of Morello
Technology Service Provider Problem
Problems ensue after the financial institution's service provider updates its system.
Approximate run time: 02:27
Challenge Materials - PDF
Vignette 5 Farmers Bank of Westburg
Distributed Denial of Service (DDoS) Attack
The bank IT manager investigates a possible DDoS attack and discovers a second attack that steals data from the institution.
Approximate run time: 03:55
Vignette 6 Farmers State Bank of Robertsburgh
Automated Teller Machine (ATM) Malware
ATM malware reveals deficiencies in a bank's service provider contract.
Approximate run time: 04:29
Vignette 7 People's State Bank of Morello
Ransomware
A cyber-attack has taken place, and important files are being held for ransom.
Approximate run time: 04:43
Vignette 8 Eau Rapides Bank
Flood
Communications problems ensue after the bank’s data center floods.
Approximate run time: 03:16
Vignette 9 Bank of Lieferkette
Supply Chain
Third-party software update infects the bank’s system, disrupting core processing and steals data.
Approximate run time: 03:56