Wall Street played its own version of war games on Thursday, testing its defences against simulated cyber-attacks bent on taking down US stock exchanges.
A total of 500 people took part in the exercise, called Quantum Dawn 2, in offices across 50 financial institutions and government agencie
“The exercise was completed successfully with robust engagement from all participants,” the Securities Industry and Financial Markets Association (SIFMA) said in a statement.
Participants included banks, insurance companies, brokers, hedge funds and exchanges. The Department of Homeland Security (DHS), the Treasury Department, the Securities and Exchange Commission (SEC) and the Federal Bureau of Investigation (FBI) also participated.
At stake is the preparedness of Wall Street to fend off cyber-attackers hoping to disrupt the nation’s economy by disrupting US markets. The exercise tested the players’ crisis response plans and mitigation techniques, as well as electronic and telephone communications between institutions and coordination with government agencies.
Experts have said that the ability of institutions to share information during a cyber-crisis with each other and the government is key to winning an electronic assault.
“Having that human network practiced and exercised in any type of disaster simulation is critical,” said Rich Bolstridge, chief strategist for financial services at Akamai Technologies. Akamai, which did not participate in the tests, provides security services to many financial institutions.
No production systems were used in the exercises. Instead, separate software simulated three major attacks that attempted over a “multi-day period” to take down stock markets.
Further attack details were not disclosed. SIFMA plans to release next month a report that will include recommendations on improving Wall Street’s response to a cyber-crisis.
Financial institutions are sure to find holes in their defences as a result of the tests, which supporters say is a good reason for having these types of simulations regularly.
“Cyber-security as a whole is an arms race,” Bolstridge said. “The attackers are constantly evolving their techniques, so the defences have to be [continuously] raised, coordinated and put in place.”
Where the first Quantum Dawn exercises in 2011 had all participants in one conference room, the latest has all the players in their own offices, which forces them to use real forms of communications, such as phones, email and instant messaging.
Since last September, Wall Street has been fending off several waves of distributed denial of service attacks from a self-proclaimed Islamic hactivist group that government officials believe originates from Iran. While the attacks have failed to cause major disruptions, they have forced banks to spend more on their defences and to share information for their collective good, experts say.
Normally hesitant to provide data to rivals, the financial institutions have come to the conclusion the damage from a successful cyber-attack is greater than competitive advantage.