The Securities Industry and Financial Markets Association (SIFMA) will kick off Quantum Dawn 2 on Thursday in hopes of “informing best practices moving forward.” The mounting threat of organized, full-on cyber-attack on the financial services industry prompted the drill.
“This exercise will build on the lessons learned from the previous exercise, as well as a second generation version of the exercise tool,” SIFMA said on its Web site. “We expect this exercise to improve the readiness of sector as a whole to respond to a [Wall] Street-wide cyber-attack, and allow each participating firm to test their internal coordination mechanisms and processes.”
All Banks, Big and Small
Employees from JPMorgan, Bank of America, Citigroup and other banks will participate from their usual workplaces in New York from 9 a.m. to 2:30 p.m., watching a simulated stock exchange for signs of an attack — and responding to them. The first Quantum Dawn, a 2011 drill named for the dawn of quantum computing, had fewer than half the participants of this year’s exercise, in part because it preceded last autumn’s flood of cyber-attacks.
“If you went to banks three years ago, and said, ‘What are your top five risks?’ probably none of them would put cyber on there,” SIFMA VP Karl Schimmeck said in USA Today Tuesday. But cyber-strikes against U.S. targets shot up 42 percent in 2012, according to Mountain View, Calif.-based computer security firm Symantec.
Cyber-attacks are now among the risk factors that big banks list to regulators and investors. And firms employing less than 250 people find themselves in hackers’ crosshairs ever more often, according to the Office of the Comptroller of the Currency.
New York-based consultancy Deloitte will assess Quantum Dawn 2, but these drills won’t end with cyber-attacks. SIFMA will conduct a three-day exercise in November, gauging Wall Street’s capacity to keep markets functioning during mock H7N9 bird flu and Middle East Respiratory Syndrome (MERS) pandemics — with staffing as low as 60 percent.
“It’s something we haven’t tested as a sector for a good amount of time,” Schimmeck said in Wednesday’s Financial Times, referring to the last pandemic drill about six years ago. “For a lot of the banks, their footprints have changed dramatically over the past few years, and so have their headcounts.”
And so has the technology — used by good guys and bad guys.
So this isn’t about wiping cybercrime from the map because that will never happen. It’s about staying ahead of the bad guys.
“If someone asks, ‘When are you going to stop cybercrime?’” Greg Garcia, principal of Washington, D.C.-based consulting firm Garcia Cyber Partners, said in USA Today. “Well, when are you going to stop crime?”
Follow Derek on Twitter: @DKlobucher