Of all business sectors, financial institutions are subject to the most frequent and sustained cyberattacks, creating a risk not just to their own businesses, but also to overall national and international cybersecurity.
Having been accused in the past of inviting attack through a lack of consolidated effort, the US Securities Industry and Financial Markets Association (SIFMA) organised a military-type exercise to simulate an attack against Wall Street targets, with the aim of improving future resilience.
The Quantum Dawn 2 simulation took place on facsimile trading platforms not connected to the real thing, and alerted users by generating realistic symptoms of a large-scale attack, such as virus alerts and a slow-down in trading systems. As well as tackling local problems, companies had to communicate with each other to make critical technical and market decisions, testing the response plans in place to maintain effective and orderly markets, and protect clients.
The original Quantum Dawn exercise took place in November 2011, with just half as many participants. The programme previously used to simulate the attack, Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector (DECIDE-FS), has since been upgraded to better imitate newer types of attack.
Quantum Dawn 2 took place on 18 July 2013, delayed from its original June date due to a surge of interest, with around 50 financial organisations participating, including Nasdaq OMX, BATS Exchange and Direct Edge, according to Wall Street & Technology.
The exercise has generated international interest, with calls for similar events to take place in other financial centres.
Alex Fidgen, director of IT security company MWR InfoSecurity, said: "This is exactly what we ought to be doing in the UK. The government, security companies and businesses should be mounting a similar operation."
Fidgen warned that attacks are on the increase and that, in the future, there are likely to be a greater number of never-before-seen cyberattacks involving technical techniques and exploits. "The more that can be done to prepare the UK for these attacks, the better we will be able to respond and protect our business infrastructure," he added.