Organized by the Securities Industry and Financial Markets Association (SIFMA) and involving also the U.S. DHS, the Treasury Department, the Federal Reserve, and the Securities and Exchange Commission, the cyber drill is aimed at testing just how well these companies and organizations can react and collaborate in order to protect their cyber assets.
The participants - three executives from each firm: one from the business continuity department, one from information security, and one from operations - will come to work as usual and be in their offices when, around on 9 a.m. Eastern Time, the exercise will start.
Of course, the attacks won't be performed against actual trading and information platforms, but against testing software known as Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector (DECIDE-FS).
The attacks will start slowly, and will be escalated as the hours go by. The participants will initially likely only see that the trading processes are executed more slowly then usual or that the system is behaving in an unexpected manner.
It will be up to them to discover what is happening, whether they need to shut down or slow down the trading, and so on.
"We will facilitate a conference call where we share what we know, have our regulators participate and see if we can understand a threat, deal with a threat and then do a shared analysis so that no one is working on their own," Karl Schimmeck, VP of financial services operations at SIFMA, shared with Reuters.
It is, of course, unknown what type of attacks will be launched against these fake platforms, but DDoS and malware attacks will probably happen. The exercise will end at 2:30 p.m. that very same day, but will simulate multiple trading days.
This edition of the cyber drill is a bit different from the first one conducted in November 2011, when the participants were all sitting at one table and dealing with both a cyber attack and mock armed attackers trying to get into the physical premises of the exchanges.