Cyber exercises, like the Quantum Dawn 2 drill carried out by dozens of Wall Street firms this week, can be useful in helping financial firms close critical gaps in their incident response capabilities, analysts said.
The drill, coordinated by the Securities Industry and Financial Markets Association (SIFMA), involved more than 500 individuals from about 50 organizations, including financial services firms, exchanges, the U.S. Department of the Treasury, the Department of Homeland Security and the FBI.
The one-day exercise simulated a multiple-day period during which companies had to deal with three types of cyberattacks intended to disrupt trading in the U.S. equities market.
The simulated attacks were conducted against a "closed loop system" to ensure that no production systems were affected by the exercise. The participating organizations were required to work from their own locations to mitigate various threats against their networks and to formulate a response in coordination with other financial services firms and government agencies.
The goal was to measure how well the financial sector is able to share cyberthreat information and coordinate with each other to respond to a large-scale cyberattack.
An analysis of how well the firms did in the simulated attack will not be known for several weeks. But the exercise itself was a success, said SIFMA's vice president of financial services operations, Karl Schimmeck, in a statement.
"Cybersecurity is a top priority for the financial industry," Schimmeck noted. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack." SIFMA will review the results of the cyber exercise with its members to identify areas for improvement, he said.
Quantum Dawn 2 is the second time that the financial sector has undergone such an exercise. In 2011, the Financial Services Sector Coordinating Council (FSSCC) ran a cyber drill in which Wall Street firms were asked to respond to simulated physical attacks and cyberattacks designed to corrupt the National Market System and publicly reported stock prices and trades.
That exercise showed that while the financial services sector had good plans and procedures for sharing information, its members were less coordinated when making critical decisions such as closing markets in the face of a massive cyberattack.
Avivah Litan, a Gartner analyst, called such tests invaluable for shoring up security in the financial sector, which has come under a series of massive distributed denial of service (DDoS) attacks in recent months.
"I think these cyber exercises are incredibly useful and important, mainly because they uncover gaps and coordination issues in organizational processes," Litan said.
Often, functional silos are major impediments to fast response in cyberattack situations, especially in large organizations, Litan said.
"Several divisions have to coordinate their response in a very timely fashion. This involves, for example, working across divisions for threat intelligence, security operations, network operations and also some hosting service providers."
Exercises like Quantum Dawn 2 allow "organizations to flesh out their internal processes as well as test the technologies and management processes they have for dealing with the attacks," she said.
Simulated cyberattacks are useful given the proliferation of cloud technologies and an increasingly dispersed workforce, said Narsi Kodukula, vice president of product strategy at security vendor CipherCloud. "Given the complexity and rapid nature of the tech evolution, simulations that help identify weaknesses as well as foster information sharing," are vital, he said.
This article, Cyber drills like Quantum Dawn 2 vital to security in financial sector, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.