Mock Cyberattack on Banks a Success, SIFMA Says

A staged cyber assault meant to test banks' response to cyber threats took place Thursday from the middle of the morning to early in the afternoon.

A securities industry trade group, the Securities Industry and Financial Markets Association, or SIFMA, conducted the test, called Quantum Dawn 2, to prove the crisis response and communications plans of some of Wall Street's biggest banks.

JPMorgan Chase (JPM), Wells Fargo (WFC), Bank of New York Mellon (BK) and U.S. Bancorp (USB) were expected to take part. The exercise was designed to test the decision-making skills of security managers over a five-and-a-half hour simulated attack.

This drill is the sequel to a six-hour simulation the council held nearly three years ago.

At the time, 30 companies took part in Quantum Dawn. The name is a play on the Twilight saga movie, 'Breaking Dawn,' that was released the day of the event, November 18, 2011.

This week, more than 500 people from 50 different financial services companies and government agencies participated.

Unlike Quantum Dawn, which put participants around a conference room table, Quantum Dawn 2 participants worked in their own offices where they took part via email, telephone and other communications channels.

A trade group official declared the event a success.

"Cybersecurity is a top priority for the financial industry," said Karl Schimmeck, SIFMA's vice president of financial services operations, in an emailed statement. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack."

He added that the group plans to analyze the test results to identify areas that need improvement and come up with best practices for financial services companies.

Jeff McGurk, a manager of cyber security at AccessData Professional Services, felt the scope of the test was limited.

It put on trial "the human element," he says. "Things like collaboration, critical thinking, reaction times. But they didn't test the infrastructure or anything digital."

McGurk makes sure to say that the way employees work together is a critical piece of fending off digital crooks, but passing muster on SIFMA's latest test shouldn't put any one bank at ease.

"By no means is it the definitive answer," he says. "After they complete this exercise and say yes, they passed, they can't just sit back and say it's good enough. It's just one small piece of a much bigger picture."

For reprint and licensing requests for this article, click here.
Technology
MORE FROM FINANCIAL PLANNING