Quantum Dawn II simulates cyberwar attack against Wall Street

Wall StreetSome of Wall Street's largest and most important financial institutions are about to come under internet attack, with the aim of crippling the networks of financial services networks across the USA.

But don't worry, because it's all in a good cause.

Well-known firms are running a drill today, codenamed "Quantum Dawn II", which is designed to test their defences against internet attack, and see how well companies and organisations respond and co-ordinate with each other in the event of a serious online attack.

The exercise involves approximately 50 organisations, including stock exchanges, large financial firms, the FBI, and the US Treasury and Department of Homeland Security.

(Ironically, this simulation appears to have come just hours after a NASDAQ community forum was hacked, exposing users' passwords and contact details.)

So, do exercises like this run the danger of putting the world's real financial systems at risk?

No. Because it's a simulation, played out in a safe environment developed by security services vendor Cyber Strategies.

Cyber Strategies have built a tool called "Distributed Environment for Critical Infrastructure Decision-making Exercises - Finance Sector" (DECIDE-FS), where financial firms can attempt to keep their services operating as normal, while being under simulated attack.

On its website, Cyber Strategies compares its simulation to a multi-player online game:

DECIDE-FS™ works like a massively multiplayer online role-playing game (MMORPG), a genre of video game in which players interact within a virtual world. An experienced exercise “controller” acts as the game master, setting up the exercise scenario, and assigning players to roles. Players login to a common DECIDE-FS™ server at the appointed time, select the exercise in which they plan to participate together, and begin to play.

But this isn't a game of Pac-Man or your company's IT staff sneaking off for a few hours of messing around on World of Warcraft. This is about preparing seriously for a possible attack that could disrupt financial firms and stock exchanges, and lead to shareholders losing faith in the markets.

It is healthy for companies to take the discussion of potential threats out of their meeting rooms and get practical experience of what can go wrong in the heat of an internet attack.

Let us hope, once the simulation's results and the events of today are examined, that financial firms and law-enforcement agencies will be better prepared to deal with such scenarios when they are no longer simulations but the real thing.

Tags: , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , ,

5 Responses

  1. cypherpunk

    July 18, 2013 at 12:59 pm #

    Can people outside US benefit from this DECIDE-FS system ?

    • Graham Cluley in reply to cypherpunk.

      July 18, 2013 at 1:01 pm #

      That's probably a question best directed to Cyber Strategies. http://www.cybstrat.com/

  2. wowit

    July 18, 2013 at 3:04 pm #

    just look at how fast rich people response to protecting their money $$

  3. Carson

    July 18, 2013 at 4:12 pm #

    I don't know whether descriptions like this one(CybStrats for DECIDE-FS) help creating the right midnset for the user. It may all seem like fun and games – and in the end, noone is prepared well enough to cope with real-world attacks.

    • shtiasa in reply to Carson.

      July 19, 2013 at 12:48 pm #

      PEOPLE are the weakest link in the chain.Imagine….someone being careless about passwords…there are too many ways in which personally identifiable info can be leaked,which can be used to impersonate users on these networks.How far are my points valid?
      (Note:I am not asking this rhetorically)

Leave a Reply