Cyber drills like Quantum Dawn 2 vital to security in financial sector
Mock exercises can help banks identify weaknesses in their incident response capabilities, analysts say
Computerworld - Cyber exercises, like the Quantum Dawn 2 drill carried out by dozens of Wall Street firms this week, can be useful in helping financial firms close critical gaps in their incident response capabilities, analysts said.
The drill, coordinated by the Securities Industry and Financial Markets Association (SIFMA), involved more than 500 individuals from about 50 organizations, including financial services firms, exchanges, the U.S. Department of the Treasury, the Department of Homeland Security and the FBI.
The one-day exercise simulated a multiple-day period during which companies had to deal with three types of cyberattacks intended to disrupt trading in the U.S. equities market.
The simulated attacks were conducted against a "closed loop system" to ensure that no production systems were affected by the exercise. The participating organizations were required to work from their own locations to mitigate various threats against their networks and to formulate a response in coordination with other financial services firms and government agencies.
The goal was to measure how well the financial sector is able to share cyberthreat information and coordinate with each other to respond to a large-scale cyberattack.
An analysis of how well the firms did in the simulated attack will not be known for several weeks. But the exercise itself was a success, said SIFMA's vice president of financial services operations, Karl Schimmeck, in a statement.
"Cybersecurity is a top priority for the financial industry," Schimmeck noted. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack." SIFMA will review the results of the cyber exercise with its members to identify areas for improvement, he said.
Quantum Dawn 2 is the second time that the financial sector has undergone such an exercise. In 2011, the Financial Services Sector Coordinating Council (FSSCC) ran a cyber drill in which Wall Street firms were asked to respond to simulated physical attacks and cyberattacks designed to corrupt the National Market System and publicly reported stock prices and trades.
That exercise showed that while the financial services sector had good plans and procedures for sharing information, its members were less coordinated when making critical decisions such as closing markets in the face of a massive cyberattack.
Avivah Litan, a Gartner analyst, called such tests invaluable for shoring up security in the financial sector, which has come under a series of massive distributed denial of service (DDoS) attacks in recent months.
"I think these cyber exercises are incredibly useful and important, mainly because they uncover gaps and coordination issues in organizational processes," Litan said.
Often, functional silos are major impediments to fast response in cyberattack situations, especially in large organizations, Litan said.
"Several divisions have to coordinate their response in a very timely fashion. This involves, for example, working across divisions for threat intelligence, security operations, network operations and also some hosting service providers."
Exercises like Quantum Dawn 2 allow "organizations to flesh out their internal processes as well as test the technologies and management processes they have for dealing with the attacks," she said.
Simulated cyberattacks are useful given the proliferation of cloud technologies and an increasingly dispersed workforce, said Narsi Kodukula, vice president of product strategy at security vendor CipherCloud. "Given the complexity and rapid nature of the tech evolution, simulations that help identify weaknesses as well as foster information sharing," are vital, he said.
This article, Cyber drills like Quantum Dawn 2 vital to security in financial sector, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Financial IT in Computerworld's Financial IT Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Something-something “LASER” something-something-something.
The MtGox Bitcoin exchange is bankrupt. Not a huge surprise, but insiders are also alleging chronic incompetence within the company, flowing from the CEO, Mark Karpeles. Supposed hackers have also leaked some PHP code that appears to substantiate those allegations. But could it all be an elaborate ruse to steal customers'
MtGox Co., Ltd. is now aiming for "civil rehabilitation" in a Tokyo District Court (similar to Chapter 11 bankruptcy protection in the U.S.).
In IT Blogwatch, bloggers release the frickin’ ill-tempered, mutated sea bass.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Accelerating Speed to Market in the Highly Competitive Automotive Industry
- This White Paper discusses how an Enterprise Project Portfolio Management solution optimizes project analysis, management, reporting and risk mitigation processes to accelerate new...
- ERP in the Cloud and the Modern Business
- View IDC's White Paper, to review IDC CloudTrack Survey findings, gain expert insight into the challenges and opportunities the cloud presents, and determine...
- Financial Security: What smaller Institutions can learn from DDoS attacks on big banks
- Since last fall, several waves of distributed denial of service (DDoS) attacks have targeted major players in the U.S. banking industry. JPMorgan Chase,...
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data... All Financial IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Financial IT Webcasts