A simulated cyber attack with the Hollywood-esque title Quantum Dawn 2 will bombard the defenses of American banks on June 28 – in an exercise designed to test how Wall Street would endure a sustained hi-tech assault.
The attack will target fake trading platforms which are not connected to actual markets, and will run from 9am to 2.30pm. The simulation is designed not only to test how individual banks respond to a sustained attack from multiple threats, but how they work together. It follows a successful exercise in November 2011.
The simulation uses testing software known as Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector (DECIDE-FS), and involves more than 50 banks, according to PC Magazine.
Organised by the trade organization Securities Industry and Financial Markets Association (SIFMA), the exercise is designed to “test incident response, resolution and coordination processes for the financial services sector and the individual member firms to a street-wide cyber attack.”
“We go through a pretty rigorous scenario where we look at multiple threats being thrown out at the U.S. equity markets,” said Karl Schimmeck, vice president of financial services operations at SIFMA in an interview. “What makes cyber so unique is that you have a living, breathing adversary on the other side.”
The one-day exercise will simulate multiple trading days, according to SIFMA, and will test “market open and close” decisions, as well as simulating “the loss of critical infrastructure within the financial services industry”.
“Our SIFMA command center at some point will run an escalation process,” said Schimmeck. “Our members will say, ‘We think we see a threat out there, this is something multiple firms are dealing with.’ We will facilitate a conference call where we share what we know, have our regulators participate and see if we can understand a threat, deal with a threat and then do a shared analysis so that no one is working on their own.”
SIFMA said in a statement, “We expect this exercise to improve the readiness of sector as a whole to respond to a street-wide cyber attack and allow each participating firm to test their internal coordination mechanisms and processes to maintain business resiliency.”
Author Rob Waugh, We Live Security