Quantum Dawn 2 a Useful Test, But Banks Have More Cyberwar Prep to Do


A stagedassault conducted Thursday to test banks' ability to respond to cyber threats was a useful exercise, but banks still have a long way to go before they're fully prepared for cyberwar, observers say.

The Securities Industry and Financial Markets Association conducted the test, called Quantum Dawn 2, to prove the crisis response and communications plans of some of Wall Street's biggest banks. More than 500 people from 50 different financial services companies and government agencies participated.

This drill is the sequel to a six-hour simulation the association held nearly three years ago.

At the time, 30 companies took part in Quantum Dawn. (The name is a play on the "Twilight Saga" movie "Breaking Dawn," which was released the day of the event, Nov. 18, 2011.)

Unlike with Quantum Dawn, which put participants around a conference room table, Quantum Dawn 2 participants worked in their own offices where they took part via email, telephone and other communications channels.

A trade group official declared the event a success.

"Cybersecurity is a top priority for the financial industry,"Karl Schimmeck, SIFMA's vice president of financial services operations, said in an emailed statement. "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack."

He added that the group plans to analyze the test results to identify areas that need improvement and come up with best practices for financial services companies.

These types of exercises are important to perform. They have the ability to expose gaps in the process, procedures and risk management plans of banks that can't be easily account for internally, says Ben Knieff, a fraud, anti-money laundering and data privacy consultant in New York.

"Just as institutions test software and technology, it is critical to test policies and procedures under a 'crisis mode' to ensure what they think will work actually does work," he says. "When it comes to security, the law of unintended consequences almost always comes into play."

But, while the simulation seems to have been a success, no one should be resting easy.

"This exercise was great for sharing contact information between banks for future collaboration on attacks," says David Jevans, the chairman of Marble Security, which offers security software and services for mobile devices. "But much more needs to be done."

He says an increase in phishing and malware attacks against bank employees meant to gain access to internal systems necessitates constant testing.

Jeff McGurk, a manager of cyber security at AccessData Professional Services, points out that the scope of the test was limited.

It put on trial "the human element," he says. "Things like collaboration, critical thinking, reaction times. But they didn't test the infrastructure or anything digital."

Passing muster on SIFMA's latest test shouldn't put any one bank at ease.

"By no means is it the definitive answer," McGurk says. "After they complete this exercise and say yes, they passed, they can't just sit back and say it's good enough. It's just one small piece of a much bigger picture."




'The Law Penalizes the Consumers It Set Out to Protect': Comments of the Week

American Banker readers share their views on the most pressing banking topics of the week. As excerpted from the Comments sections of AmericanBanker.com articles.

(Image: Fotolia)

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.

The Most Influential Women in Payments

What does it take to lead in the still-mostly-male world of payments? This year's 20 Most Influential Women in Payments share stories about how they got to the top, their vision for the future of payments (hint: it's mainly mobile), and advice to other women working their way up the ladder.

A Newsletter featuring Bank Technology News' top stories plus special reports and data

Already a subscriber? Log in here
Please note you must now log in with your email address and password.