Skip Header
U.S. flag

An official website of the United States government

Directors' Resource Center
Technical Assistance Video Program

Cyber Challenge: A Community Bank Cyber Exercise

The FDIC created Cyber Challenge: A Community Bank Cyber Exercise to encourage community financial institutions to discuss operational risk issues and the potential impact of information technology disruptions on common banking functions.


Suggested Guidelines and Ground Rules

Institutions may use a free-flowing or facilitated discussion of the vignettes. Here are guidelines for organizing a discussion and suggested ground rules. Participants in the Cyber Challenge should treat it as a data-gathering event and follow a non-attribution policy. Participants may want to record their discussions during the exercise to help compile lessons learned and identify areas for improvement.


Vignette 1 Farmers & Merchants Bank of Dauerville

Item Processing Failure
A new item processing service provider cannot process the volume of transactions generated by the bank.

Approximate run time: 03:47

Link to YouTube Video

Challenge Materials - PDF


Vignette 2 Farmers State Bank of Robertsburgh

Customer Account Takeover
A corporate customer reports unauthorized withdrawals on its account.

Approximate run time: 02:46

Link to YouTube Video

Challenge Materials - PDF


Vignette 3 The State Bank of Town City

Bank Internal Error/Phishing and Malware Problem
Bank staff receive a phishing email that appears to have been sent by the institution's president.

Approximate run time: 01:36

Link to YouTube Video

Challenge Materials - PDF


Vignette 4 People's State Bank of Morello

Technology Service Provider Problem
Problems ensue after the financial institution's service provider updates its system.

Approximate run time: 02:27

Link to YouTube Video

Challenge Materials - PDF


Vignette 5 Farmers Bank of Westburg

Distributed Denial of Service (DDoS) Attack
The bank IT manager investigates a possible DDoS attack and discovers a second attack that steals data from the institution.

Approximate run time: 03:55

Link to YouTube Video

Challenge Materials - PDF


Vignette 6 Farmers State Bank of Robertsburgh

Automated Teller Machine (ATM) Malware
ATM malware reveals deficiencies in a bank's service provider contract.

Approximate run time: 04:29

Link to YouTube Video

Challenge Materials - PDF


Vignette 7 People's State Bank of Morello

Ransomware
A cyber-attack has taken place, and important files are being held for ransom.

Approximate run time: 04:43

Link to YouTube Video

Challenge Materials - PDF


Vignette 8 Eau Rapides Bank

Flood
Communications problems ensue after the bank’s data center floods.

Approximate run time: 03:16

Link to YouTube Video

Challenge Materials - PDF


Vignette 9 Bank of Lieferkette

Supply Chain
Third-party software update infects the bank’s system, disrupting core processing and steals data.

Approximate run time: 03:56

Link to YouTube Video

Challenge Materials - PDF