“Quantum” Leap: One Group’s Novel Take on Cybersecurity
Rather than taking cybersecurity threats lying down, the Securities Industry and Financial Markets Association has been holding simulations so that the industry knows what to do when a real attack takes place.
When Wall Street suffered a mass attack on its infrastructure last week, it was totally an inside job.
Fortunately, everyone already knew it was, because the Securities Industry and Financial Markets Association (SIFMA) gave investors a heads-up. And it was just one way to help remind both the federal government and the industry of the dangers the sector faces.
Wait, what?! Yeah, you read that right. SIFMA has been working on a crisis-response strategy for many of Wall Street’s banks and has been staging mock cyberattacks in an effort to test preparedness. The association’s “Quantum Dawn 2” stress test—both its name and its sequel status riffing on the Twilight movie series—is the second such test. This time, the scale—and the stakes—were just a bit bigger. The first one, which took place in November 2011, situated 30 companies inside a single conference room; this time, the test took place with the help of more than 50 companies and 500 participants, with many working in their own offices, communicating via email and other platforms, according to American Banker.
So how’d the banks do? According to a press release from the association, the testing, which ended Friday, met its goals. “This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing, and refine their protocols relating to a systemic cyberattack,” said SIFMA’s vice president of financial services operations, Karl Schimmeck. “We look forward to analyzing today’s findings with our members to identify areas for improvement and best practices that will enable firms and the entire sector to better prepare for and defend against cyberthreats.” Schimmeck said that the association will create a report based on the tests within the next month.
Why it’s worthwhile: Gartner analyst Avivah Litan, speaking to Computerworld, suggests such exercises could prove “incredibly useful and important, mainly because they uncover gaps and coordination issues in organizational processes. Several divisions have to coordinate their response in a very timely fashion. This involves, for example, working across divisions for threat intelligence, security operations, network operations, and also some hosting service providers.” Other analysts note that tests like these are increasingly important in the age of cloud computing and remote workers.
But former U.S. Sen. Judd Gregg, the CEO of the association, wrote in an op-ed prior to the test that the federal government could do more to help the industry fend off such threats.
“Industry efforts alone are insufficient,” the New Hampshire Republican wrote for Bloomberg. “President Barack Obama got it right in his Feb. 12 executive order, which encourages partnerships between the federal government and private-sector businesses. But we need more information from the U.S. government on the diverse and evolving threats we are facing.”
The command center used during the Quantum Dawn 2 cybersecurity exercise last week. (photo via SIFMA)