Beginning at about 9 a.m. ET
Thursday, the country's largest financial institutions will endure a
large-scale coordinated cyberattack test to probe vulnerabilities.
About 50 institutions -- including banks like JPMorgan Chase and Bank of America and
government agencies like the U.S. Treasury -- will participate in the exercise,
called "Quantum Dawn 2."
The idea is to simulate what would happen if hackers
penetrated certain systems in financial companies and agencies. If breached,
infections could, in theory, impact the entire gamut of the sector from
exchanges to brokerages to insurance companies.
The Securities Industry and Financial Markets Association
(SIFMA), a trade group, will orchestrate the exercise. The simulated attack
will run from 9 a.m. to about 3 p.m. today, crunching about two and a half days'
worth of faux attacks into those hours. No real systems or accounts will be impacted
during the simulation.
To take part in the drills, each of the participating
institutions will be running software developed by Cyber Strategies, a
Northfield, Vt., firm that specializes in making cyber exercise software for
financial institutions.
Karl Schimmeck, SIFMA's vice president of financial services
operations, declined to share specifics of what exactly the simulated threats
would look like, but similar drills in the past have looked like a giant,
computerized version of the role-playing game Dungeons and Dragons.
An employee sitting at his desk might get a prompt saying,
"this bank is having integrity issues with money," or "you can't
make trades over this technical system." The employee then might role-play
talking to an FBI agent -- likely an actual one enlisted to help with the
drill, said Dave Aitel, CEO of the security firm Immunity, who formerly worked
as a research scientist for the National Security Agency.
Institutions will have the opportunity to practice sharing information
with one another during the drill to help navigate through the threats,
Schimmeck said.
The financial sector is hoping to prepare itself for a massive, disruptive attack -- a
growing concern lately, as "hacktivists," organized cybercriminals
and government-sponsored attacks become increasingly large and successful. Though still a far-off doomsday
scenario, some security industry experts say the financial sector is vulnerable
to cyber-terrorists aiming to damage the U.S. economy.
In a digitized world, every sector needs to worry about cyber
breaches, but the financial sector is in a "uniquely bad position,"
said Aitel. That's because banks and other financial institutions have to
deal with money flows in real time, with markets hanging in the balance.
"Our industry has been the target of many attacks over
the past year, and it's important that we stay one step ahead," said
Schimmeck.
SIFMA said that Thursday's drills attracted twice the number
of financial institutions that participated in the first Quantum Dawn exercise,
held in 2011.
Though some skeptical security experts dismissed Quantum Dawn
as a PR stunt, SIFMA said the first run was useful in uncovering flaws in the
industry's cyberattack protocols. The trade group found that banks were largely
good at sharing information with one another, but bad at making real-time
critical decisions for mitigating the threats.
This time around, banks are hoping to improve their
performance and discover new vulnerabilities.
"The banks won't answer all of their questions,"
said Aitel. "But they will learn more about what kinds of questions they
need to ask."
By Richard Nieva @CNNMoney July 18, 2013