Quantum Dawn II simulates cyberwar attack against Wall Street

Wall StreetSome of Wall Street’s largest and most important financial institutions are about to come under internet attack, with the aim of crippling the networks of financial services networks across the USA.

But don’t worry, because it’s all in a good cause.

Well-known firms are running a drill today, codenamed “Quantum Dawn II”, which is designed to test their defences against internet attack, and see how well companies and organisations respond and co-ordinate with each other in the event of a serious online attack.

The exercise involves approximately 50 organisations, including stock exchanges, large financial firms, the FBI, and the US Treasury and Department of Homeland Security.

Sign up to our free newsletter.
Security news, advice, and tips.

(Ironically, this simulation appears to have come just hours after a NASDAQ community forum was hacked, exposing users’ passwords and contact details.)

So, do exercises like this run the danger of putting the world’s real financial systems at risk?

No. Because it’s a simulation, played out in a safe environment developed by security services vendor Cyber Strategies.

Cyber Strategies have built a tool called “Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector” (DECIDE-FS), where financial firms can attempt to keep their services operating as normal, while being under simulated attack.

On its website, Cyber Strategies compares its simulation to a multi-player online game:

DECIDE-FS™ works like a massively multiplayer online role-playing game (MMORPG), a genre of video game in which players interact within a virtual world. An experienced exercise “controller” acts as the game master, setting up the exercise scenario, and assigning players to roles. Players login to a common DECIDE-FS™ server at the appointed time, select the exercise in which they plan to participate together, and begin to play.

But this isn’t a game of Pac-Man or your company’s IT staff sneaking off for a few hours of messing around on World of Warcraft. This is about preparing seriously for a possible attack that could disrupt financial firms and stock exchanges, and lead to shareholders losing faith in the markets.

It is healthy for companies to take the discussion of potential threats out of their meeting rooms and get practical experience of what can go wrong in the heat of an internet attack.

Let us hope, once the simulation’s results and the events of today are examined, that financial firms and law-enforcement agencies will be better prepared to deal with such scenarios when they are no longer simulations but the real thing.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Quantum Dawn II simulates cyberwar attack against Wall Street”

  1. cypherpunk

    Can people outside US benefit from this DECIDE-FS system ?

    1. Graham CluleyGraham Cluley · in reply to cypherpunk

      That's probably a question best directed to Cyber Strategies. http://www.cybstrat.com/

  2. wowit

    just look at how fast rich people response to protecting their money $$

  3. Carson

    I don't know whether descriptions like this one(CybStrats for DECIDE-FS) help creating the right midnset for the user. It may all seem like fun and games – and in the end, noone is prepared well enough to cope with real-world attacks.

    1. shtiasa · in reply to Carson

      PEOPLE are the weakest link in the chain.Imagine….someone being careless about passwords…there are too many ways in which personally identifiable info can be leaked,which can be used to impersonate users on these networks.How far are my points valid?
      (Note:I am not asking this rhetorically)

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.