Cyber drills like Quantum Dawn 2 vital to security in financial sector
Mock exercises can help banks identify weaknesses in their incident response capabilities, analysts say
Computerworld - Cyber exercises, like the Quantum Dawn 2 drill carried out by dozens of Wall Street firms this week, can be useful in helping financial firms close critical gaps in their incident response capabilities, analysts said.
The drill, coordinated by the Securities Industry and Financial Markets Association (SIFMA), involved more than 500 individuals from about 50 organizations, including financial services firms, exchanges, the U.S. Department of the Treasury, the Department of Homeland Security and the FBI.
The one-day exercise simulated a multiple-day period during which companies had to deal with three types of cyberattacks intended to disrupt trading in the U.S. equities market.
The simulated attacks were conducted against a "closed loop system" to ensure that no production systems were affected by the exercise. The participating organizations were required to work from their own locations to mitigate various threats against their networks and to formulate a response in coordination with other financial services firms and government agencies.
The goal was to measure how well the financial sector is able to share cyberthreat information and coordinate with each other to respond to a large-scale cyberattack.
The results of an analysis of how well the firms did in the simulated attack will not be known for several weeks. But the exercise itself was a success, Karl Schimmeck, SIFMA's vice president of financial services operations, said in a statement.
"Cybersecurity is a top priority for the financial industry," Schimmeck noted. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack." SIFMA will review the results of the cyber exercise with its members to identify areas for improvement, he said.
Quantum Dawn 2 is the second time that the financial sector has undergone such an exercise. In 2011, the Financial Services Sector Coordinating Council (FSSCC) ran a cyber drill in which Wall Street firms were asked to respond to simulated physical attacks and cyberattacks designed to corrupt the National Market System and publicly reported stock prices and trades.
That exercise showed that while the financial services sector had good plans and procedures for sharing information, its members were less coordinated when making critical decisions such as closing markets in the face of a massive cyberattack.
Avivah Litan, a Gartner analyst, called such tests invaluable for shoring up security in the financial sector, which has come under a series of massive distributed denial of service (DDoS) attacks in recent months.
"I think these cyber exercises are incredibly useful and important, mainly because they uncover gaps and coordination issues in organizational processes," Litan said.
Often, functional silos are major impediments to fast response in cyberattack situations, especially in large organizations, Litan said.
"Several divisions have to coordinate their response in a very timely fashion. This involves, for example, working across divisions for threat intelligence, security operations, network operations and also some hosting service providers."
Exercises like Quantum Dawn 2 allow "organizations to flesh out their internal processes as well as test the technologies and management processes they have for dealing with the attacks," she said.
Simulated cyberattacks are useful given the proliferation of cloud technologies and an increasingly dispersed workforce, said Narsi Kodukula, vice president of product strategy at security vendor CipherCloud. "Given the complexity and rapid nature of the tech evolution, simulations that help identify weaknesses as well as foster information sharing," are vital, he said.
This article, Cyber drills like Quantum Dawn 2 vital to security in financial sector, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.