Wall Street banks train for cyber attack

2013-10-21 16:31
<a href=\\\\\\\\http://www.shutterstock.com\\\\\\\\>Shutterstock</a>


Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

New York - A few months ago, a group of Wall Street banks fashioned a risk-manager's worst nightmare to determine how they would survive. Luckily, it was all pretend.

In a staged simulation called Quantum Dawn 2, bank executives in charge of operations, technology and crisis planning were tasked with detecting how a massive cyber attack was unfolding in the markets - but each one only got to see a tiny red flag waving in a sea of information.

In some cases, a blue-chip stock started to plummet inexplicably. Soon, shocking news about the company hit the market, but unbeknownst to the participant, the news was fake.

For others, trading systems were on the fritz, or government websites stopped functioning. Even basic technology such as telephones and printers stopped working properly for some.

Individually, any of these problems would be reason to worry. The challenge for Quantum Dawn 2's victims was not only spotting a problem, but communicating with rivals, exchanges and government authorities to conclude that markets were in the throes of a systemic crisis and needed to be shut down.

"It didn't all happen at once - each attack affected firms differently," said Karl Schimmeck, vice president of Financial Services Operations at the Securities Industry and Financial Markets Association (SIFMA), a Wall Street trade group that oversaw the event in conjunction with Deloitte & Touche LLP.

"Some firms would see a problem, some firms wouldn't, and some firms only 'see' it second-hand because they're communicating with each other."

Banks are one of the biggest targets for cyber attacks, which have occurred more frequently over the past two years, security experts said.

The most visible attacks affect customers' access to websites through a distributed denial of service - or "DDOS" - attack. But banks are also worried about more insidious attacks, in which hackers quietly infiltrate systems to swipe valuable data, or lie in wait to plow across the entire industry with a systemic attack - the doomsday scenario Quantum Dawn 2 participants want to avoid.

One key lesson from the drill was that the private sector and government authorities must share information more freely and quickly, said Ed Powers, the national managing principal of Deloitte & Touche's security and privacy practice. While firms have detailed information about individual attacks, authorities can help prevent a crisis by sharing information about broader threats when appropriate, he said.

Systemic issue

"Cyber attacks that manifest in different organisations can become a systemic issue," said Powers.

The industry also needs to put in place better guidelines to determine whether risks are systemic, and to formalise procedures for deciding whether to close markets, he added.

Quantum Dawn 2 took place on 18 July after being delayed to accommodate the large number of firms that wanted to participate. It was the second time the industry had organised such an event, which required 10 months of planning and tens of thousands of dollars to orchestrate. SIFMA plans to perform an industry-wide drill every two years, with more limited attack simulations in the interim, said Schimmeck.

In addition to big banks such as Bank of America and Goldman Sachs Group, there were 50 participants, including major exchanges, clearing-houses, the US Treasury Department, the Securities and Exchange Commission, the Department of Homeland Security and the Federal Bureau of Investigation.

Representatives from SIFMA and Deloitte were stationed at three hubs in New York, Washington and Chicago, where attacks were being deployed and amplified at different times during the day, and where conference calls were hosted for participants to decide how to react to various threats.

The SIFMA staff member who came up with the name Quantum Dawn did so after being inspired by a movie, said Schimmeck. People involved in Quantum Dawn drills said its name was a big selling point, because it evoked the adrenaline rush of watching an action movie.

"For a simulation, it did a very good job of creating the sense of urgency that you'd expect to see in a real-world cyber attack," said Powers.

Read more on:    us  |  online security  |  internet

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24


Book flights

Compare, Book, Fly

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.