Cyber drills like Quantum Dawn 2 vital to security in financial sector
Mock exercises can help banks identify weaknesses in their incident response capabilities, analysts say
Computerworld - Cyber exercises, like the Quantum Dawn 2 drill carried out by dozens of Wall Street firms this week, can be useful in helping financial firms close critical gaps in their incident response capabilities, analysts said.
The drill, coordinated by the Securities Industry and Financial Markets Association (SIFMA), involved more than 500 individuals from about 50 organizations, including financial services firms, exchanges, the U.S. Department of the Treasury, the Department of Homeland Security and the FBI.
The one-day exercise simulated a multiple-day period during which companies had to deal with three types of cyberattacks intended to disrupt trading in the U.S. equities market.
The simulated attacks were conducted against a "closed loop system" to ensure that no production systems were affected by the exercise. The participating organizations were required to work from their own locations to mitigate various threats against their networks and to formulate a response in coordination with other financial services firms and government agencies.
The goal was to measure how well the financial sector is able to share cyberthreat information and coordinate with each other to respond to a large-scale cyberattack.
An analysis of how well the firms did in the simulated attack will not be known for several weeks. But the exercise itself was a success, said SIFMA's vice president of financial services operations, Karl Schimmeck, in a statement.
"Cybersecurity is a top priority for the financial industry," Schimmeck noted. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack." SIFMA will review the results of the cyber exercise with its members to identify areas for improvement, he said.
Quantum Dawn 2 is the second time that the financial sector has undergone such an exercise. In 2011, the Financial Services Sector Coordinating Council (FSSCC) ran a cyber drill in which Wall Street firms were asked to respond to simulated physical attacks and cyberattacks designed to corrupt the National Market System and publicly reported stock prices and trades.
That exercise showed that while the financial services sector had good plans and procedures for sharing information, its members were less coordinated when making critical decisions such as closing markets in the face of a massive cyberattack.
Avivah Litan, a Gartner analyst, called such tests invaluable for shoring up security in the financial sector, which has come under a series of massive distributed denial of service (DDoS) attacks in recent months.
"I think these cyber exercises are incredibly useful and important, mainly because they uncover gaps and coordination issues in organizational processes," Litan said.
Often, functional silos are major impediments to fast response in cyberattack situations, especially in large organizations, Litan said.
"Several divisions have to coordinate their response in a very timely fashion. This involves, for example, working across divisions for threat intelligence, security operations, network operations and also some hosting service providers."
Exercises like Quantum Dawn 2 allow "organizations to flesh out their internal processes as well as test the technologies and management processes they have for dealing with the attacks," she said.
Simulated cyberattacks are useful given the proliferation of cloud technologies and an increasingly dispersed workforce, said Narsi Kodukula, vice president of product strategy at security vendor CipherCloud. "Given the complexity and rapid nature of the tech evolution, simulations that help identify weaknesses as well as foster information sharing," are vital, he said.
This article, Cyber drills like Quantum Dawn 2 vital to security in financial sector, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Financial IT in Computerworld's Financial IT Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Crafty hackers hack craft stores -- again.
Michaels Stores (NYSE:MIK) has finally confirmed the details of the point-of-sale hack revealed in January. It's unclear what's taken them so long -- the company claims the hack was "highly sophisticated," but everyone uses a blah-blah phrase like that.
Your humble blogwatcher notes that the problem persisted for more than a month after the news first broke. smh.
In IT Blogwatch, bloggers are aghast that, for the second time, the company's POS was hacked -- lasting almost nine months.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- The Big Data Opportunity for HR and Finance
- If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Manufacturing Outlook: Improving time to market, operational effectiveness and innovation in a highly competitive environment
- An enterprise project portfolio management solution can help manufacturers position themselves in the new competitive landscape.
- Time-to-Market: The Need for Speed in the Automotive Industry
- Bringing new vehicles to market quickly has never been more challenging. To bring new models to market on-time and on budget, automakers need...
- Application Rationalization Scorecard: Analysis to Action
- This paper details a proven method, used most recently to evaluate a financial services application portfolio. At the method's core is the scorecard....
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
All Financial IT White Papers
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- All Financial IT Webcasts