Wall Street batters defenses in make-believe cybercrisis

Wall Street played its own version of war games on Thursday, testing its defenses against simulated cyberattacks bent on taking down U.S. stock exchanges.

A total of 500 people took part in the exercise, called Quantum Dawn 2, in offices across 50 financial institutions and government agencies.

"The exercise was completed successfully with robust engagement from all participants," the Securities Industry and Financial Markets Association (SIFMA) said in a statement.

Participants included banks, insurance companies, brokers, hedge funds and exchanges. The Department of Homeland Security (DHS), the Treasury Department, the Securities and Exchange Commission (SEC) and the Federal Bureau of Investigation (FBI) also participated.

At stake is the preparedness of Wall Street to fend off cyberattackers hoping to disrupt the nation's economy by disrupting U.S. markets. The exercise tested the players' crisis response plans and mitigation techniques, as well as electronic and telephone communications between institutions and coordination with government agencies.

Experts have said that the ability of institutions to share information during a cyber-crisis with each other and the government is key to winning an electronic assault.

"Having that human network practiced and exercised in any type of disaster simulation is critical," said Rich Bolstridge, chief strategist for financial services at Akamai Technologies. Akamai, which did not participate in the tests, provides security services to many financial institutions.

No production systems were used in the exercises. Instead, separate software simulated three major attacks that attempted over a "multi-day period" to take down stock markets.

[Also see: NIST closer to critical infrastructure cybersecurity framework]

Further attack details were not disclosed. SIFMA plans to release next month a report that will include recommendations on improving Wall Street's response to a cyber-crisis.

Financial institutions are sure to find holes in their defenses as a result of the tests, which supporters say is a good reason for having these types of simulations regularly.

"Cybersecurity as a whole is an arms race," Bolstridge said. "The attackers are constantly evolving their techniques, so the defenses have to be [continuously] raised, coordinated and put in place."

Where the first Quantum Dawn exercises in 2011 had all participants in one conference room, the latest has all the players in their own offices, which forces them to use real forms of communications, such as phones, email and instant messaging.

Since last September, Wall Street has been fending off several waves of distributed denial of service attacks from a self-proclaimed Islamic hactivist group that government officials believe originates from Iran. While the attacks have failed to cause major disruptions, they have forced banks to spend more on their defenses and to share information for their collective good, experts say.

Normally hesitant to provide data to rivals, the financial institutions have come to the conclusion the damage from a successful cyberattack is greater than competitive advantage.

Read more about emergency preparedness in CSOonline's Emergency Preparedness section.

Tags disaster recoverysoftwareapplicationsBusiness Continuitywall streetDepartment of Homeland SecurityCyberattackBusiness Continuity | Emergency PreparednessQuantum Dawn 2

Show Comments