Some of Wall Street’s largest and most important financial institutions are about to come under internet attack, with the aim of crippling the networks of financial services networks across the USA.
But don’t worry, because it’s all in a good cause.
Well-known firms are running a drill today, codenamed “Quantum Dawn II”, which is designed to test their defences against internet attack, and see how well companies and organisations respond and co-ordinate with each other in the event of a serious online attack.
The exercise involves approximately 50 organisations, including stock exchanges, large financial firms, the FBI, and the US Treasury and Department of Homeland Security.
(Ironically, this simulation appears to have come just hours after a NASDAQ community forum was hacked, exposing users’ passwords and contact details.)
So, do exercises like this run the danger of putting the world’s real financial systems at risk?
No. Because it’s a simulation, played out in a safe environment developed by security services vendor Cyber Strategies.
Cyber Strategies have built a tool called “Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector” (DECIDE-FS), where financial firms can attempt to keep their services operating as normal, while being under simulated attack.
On its website, Cyber Strategies compares its simulation to a multi-player online game:
DECIDE-FS™ works like a massively multiplayer online role-playing game (MMORPG), a genre of video game in which players interact within a virtual world. An experienced exercise “controller” acts as the game master, setting up the exercise scenario, and assigning players to roles. Players login to a common DECIDE-FS™ server at the appointed time, select the exercise in which they plan to participate together, and begin to play.
But this isn’t a game of Pac-Man or your company’s IT staff sneaking off for a few hours of messing around on World of Warcraft. This is about preparing seriously for a possible attack that could disrupt financial firms and stock exchanges, and lead to shareholders losing faith in the markets.
It is healthy for companies to take the discussion of potential threats out of their meeting rooms and get practical experience of what can go wrong in the heat of an internet attack.
Let us hope, once the simulation’s results and the events of today are examined, that financial firms and law-enforcement agencies will be better prepared to deal with such scenarios when they are no longer simulations but the real thing.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.