Cyber drills like Quantum Dawn 2 vital to security in financial sector

Mock exercises can help banks identify weaknesses in their incident response capabilities, analysts say

Cyber exercises, like the Quantum Dawn 2 drill carried out by dozens of Wall Street firms this week, can be useful in helping financial firms close critical gaps in their incident response capabilities, analysts said.

The drill, coordinated by the Securities Industry and Financial Markets Association (SIFMA), involved more than 500 individuals from about 50 organizations, including financial services firms, exchanges, the U.S. Department of the Treasury, the Department of Homeland Security and the FBI.

The one-day exercise simulated a multiple-day period during which companies had to deal with three types of cyberattacks intended to disrupt trading in the U.S. equities market.

The simulated attacks were conducted against a "closed loop system" to ensure that no production systems were affected by the exercise. The participating organizations were required to work from their own locations to mitigate various threats against their networks and to formulate a response in coordination with other financial services firms and government agencies.

The goal was to measure how well the financial sector is able to share cyberthreat information and coordinate with each other to respond to a large-scale cyberattack.

How well the firms did in the simulated attack will not be known for several weeks. But the exercise itself was a success, said SIFMA's vice president of financial services operations, Karl Schimmeck, in a statement.

"Cybersecurity is a top priority for the financial industry," Schimmeck noted. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack." SIFMA will review the results of the cyber exercise with its members to identify areas for improvement, he said.

Quantum Dawn 2 is the second time that the financial sector has undergone such an exercise. In 2011, the Financial Services Sector Coordinating Council (FSSCC) ran a cyber drill in which Wall Street firms were asked to respond to simulated physical attacks and cyberattacks designed to corrupt the National Market System and publicly reported stock prices and trades.

That exercise showed that while the financial services sector had good plans and procedures for sharing information, its members were less coordinated when making critical decisions such as closing markets in the face of a massive cyberattack.

Avivah Litan, a Gartner analyst, called such tests invaluable for shoring up security in the financial sector, which has come under a series of massive distributed denial of service (DDoS) attacks in recent months.

"I think these cyber exercises are incredibly useful and important, mainly because they uncover gaps and coordination issues in organizational processes," Litan said.

Often, functional silos are major impediments to fast response in cyberattack situations, especially in large organizations, Litan said.

"Several divisions have to coordinate their response in a very timely fashion. This involves, for example, working across divisions for threat intelligence, security operations, network operations and also some hosting service providers."

Exercises like Quantum Dawn 2 allow "organizations to flesh out their internal processes as well as test the technologies and management processes they have for dealing with the attacks," she said.

Simulated cyberattacks are useful given the proliferation of cloud technologies and an increasingly dispersed workforce, said Narsi Kodukula, vice president of product strategy at security vendor CipherCloud. "Given the complexity and rapid nature of the tech evolution, simulations that help identify weaknesses as well as foster information sharing," are vital, he said.

This article, Cyber drills like Quantum Dawn 2 vital to security in financial sector, was originally published at

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is
