Its a war game, Wall Street style.
Banks large and small are girding for an elaborate drill this week that will test how they would fare if hackers unleashed a powerful and coordinated attack against them.
The exercise is being called Quantum Dawn 2, and if the name sounds like a video game, its also meant to convey the seriousness of the threat.
Cyberattacks on the banking industry are growing more frequent and sophisticated, and the list of assailants is ever-changing: crime bosses who want money, hacktivists who want to make political statements, foreign governments that want to spy on U.S. companies. A successful, widespread attack on the industry would shake confidence in the banking system, and the possibility has banks and regulators on edge.
Jamie Dimon, CEO of the countrys biggest bank, JPMorgan Chase, acknowledged that attacks are becoming more complex and dangerous, no longer carried out by fairly simplistic hackers commandeering peoples personal computers.
Now youre talking about state-sanctioned folks, hundreds of programmers, he said in a call with reporters this spring, taking over not just PCs but servers and mainframes.
JPMorgan and its peers like Bank of America, Citigroup and Wells Fargo have signed up for Thursdays drill, which is being organized by Wall Streets biggest trade group, the Securities Industry and Financial Markets Association, or SIFMA.
About 50 banks and organizations will participate, including government agencies like the Treasury, the Department of Homeland Security, the Securities and Exchange Commission and the FBI.
During the drill, bank employees will be stationed at their normal offices, and will be blasted throughout the day with bits of information that could indicate an encroaching hacker attack. Theyll monitor a simulated stock exchange for irregular trading and will be pressed to figure out whats going on and how to react while sharing information with regulators and each other.
As the name suggests, this isnt the first Quantum Dawn. The original drill was in November 2011, and it attracted scant attention and only about half as many participants. But that was before a wave of cyberattacks last fall, when big banks were forced to temporarily shut down their websites after attackers bombarded them with traffic – akin to overwhelming a phone line with too many calls.
Whatever the number, banks and the government are on high alert.
Big banks have started listing cyberattacks as a potential risk factor in filings for regulators and investors.