We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Wall Street batters defenses in make-believe cybercrisis

Wall Street played its own version of war games on Thursday, testing its defenses against simulated cyberattacks bent on taking down U.S. stock exchanges.

A total of 500 people took part in the exercise, called Quantum Dawn 2, in offices across 50 financial institutions and government agencies.

"The exercise was completed successfully with robust engagement from all participants," the Securities Industry and Financial Markets Association (SIFMA) said in a statement.

Participants included banks, insurance companies, brokers, hedge funds and exchanges. The Department of Homeland Security (DHS), the Treasury Department, the Securities and Exchange Commission (SEC) and the Federal Bureau of Investigation (FBI) also participated.

At stake is the preparedness of Wall Street to fend off cyberattackers hoping to disrupt the nation's economy by disrupting U.S. markets. The exercise tested the players' crisis response plans and mitigation techniques, as well as electronic and telephone communications between institutions and coordination with government agencies.

Experts have said that the ability of institutions to share information during a cyber-crisis with each other and the government is key to winning an electronic assault.

"Having that human network practiced and exercised in any type of disaster simulation is critical," said Rich Bolstridge, chief strategist for financial services at Akamai Technologies. Akamai, which did not participate in the tests, provides security services to many financial institutions.

No production systems were used in the exercises. Instead, separate software simulated three major attacks that attempted over a "multi-day period" to take down stock markets.

[Also see: NIST closer to critical infrastructure cybersecurity framework]

Further attack details were not disclosed. SIFMA plans to release next month a report that will include recommendations on improving Wall Street's response to a cyber-crisis.

Financial institutions are sure to find holes in their defenses as a result of the tests, which supporters say is a good reason for having these types of simulations regularly.

"Cybersecurity as a whole is an arms race," Bolstridge said. "The attackers are constantly evolving their techniques, so the defenses have to be [continuously] raised, coordinated and put in place."

Where the first Quantum Dawn exercises in 2011 had all participants in one conference room, the latest has all the players in their own offices, which forces them to use real forms of communications, such as phones, email and instant messaging.

Since last September, Wall Street has been fending off several waves of distributed denial of service attacks from a self-proclaimed Islamic hactivist group that government officials believe originates from Iran. While the attacks have failed to cause major disruptions, they have forced banks to spend more on their defenses and to share information for their collective good, experts say.

Normally hesitant to provide data to rivals, the financial institutions have come to the conclusion the damage from a successful cyberattack is greater than competitive advantage.

Read more about emergency preparedness in CSOonline's Emergency Preparedness section.

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model