As I write this blog post, Wall Street is under an epic cyberattack. But don’t worry; it’s only a drill, codenamed Quantum Dawn 2. The purpose of the drill is to test the cybersecurity readiness of the biggest financial institutions in the world, including the U.S. Treasury and other government agencies. An industry trade group, Securities Industry and Financial Markets Association (SIFMA), organized the drill.
Incident response teams from each organization will work from their facilities to respond to the simulated attacks and mitigate them in a coordinated fashion, according to a SIFMA spokeswoman. Participants in the exercise only know that the drill is being carried out, but have not been briefed on any specifics. ‘This is not a Pass/Fail drill,’ she said. ‘The goal is to provide firms an opportunity to test their responses and to ensure that they are in the best position to mitigate.’
I applaud SIFMA for taking the initiative to pull Quantum Dawn 2 together. More than 50 institutions are participating in this drill. Of course, the original Quantum Dawn, held in 2011, had much less support, participation and fanfare.
A lot has happened in the banking and financial industry in two years, primarily a rash of distributed denial of service (DDoS) attacks. Such attacks have become more frequent and severe, as The Province pointed out:
Cyberattacks on the banking industry are growing more frequent and sophisticated and the list of assailants is ever-changing: crime bosses who want money, ‘hacktivists’ who want to make political statements, foreign governments that want to spy on U.S. companies. A successful, widespread attack on the industry would shake confidence in the banking system, and the possibility has banks and regulators on edge.
The attacks against the banking industry have been high profile because, well, this is the banking industry, which Congress had deemed “too big to fail” only a few years ago. However, the banking industry isn’t the only industry in which a cyberattack could have catastrophic results. The health care industry has suffered a number of breaches in medical records, but now the concern includes hacks into medical equipment that monitors patient health via cellular devices or via Wi-Fi.
The critical technological infrastructure is ripe for a massive attack. Go down the list of industries, and it isn’t hard to imagine how much damage a widespread cyberattack could cause.
Having preparedness drills for cybersecurity makes good business sense and perhaps all industries should consider creating such a drill to test their defenses from time to time.