Industries Come Together To Practice Response For Cyber-Attacks

CNBC Cyber Reporter Shares Value Of Exercises With Task Force 7 Radio

Add bookmark

Jeff Orr

Cyber Wargames

CNBC Cyber Security Reporter Kate Fazzini joined episode #109 of the Task Force 7 Radio podcast.

Host George Rettas discussed a recent wargames exercise that Fazzini covered. The pair discussed the type of attacks drilled on by financial sector participants and what was different about this year's Quantum Dawn exercise than in previous years. Fazzini also discussed how effective these war gaming exercises are, the risks of U.S. firms exposing too much information to overseas entities and what the main concern was during a separate energy sector war games.

Recent Attacks Are Cause For Concern Across Financial Sector

The financial industry participates in an annual cyber exercise. For the first time, the event hosted international participants. Fazzini explained that the exercise is put on by the Securities Industry and Financial Markets Association (SIFMA), which consists of several hedge funds as well as other kinds of financial institutions.

Only two years ago, the NotPetya and WannaCry ransomware attacks were released. The latest exercise practiced an international wave of ransomware that had significant knock-on impacts across the financial sector. Ransomware continues to be enormously destructive in ways that continue to surprise us, said Fazzini. “So, even in 2017 when we had WannaCry and NotPetya, you had these global attacks that just skipped from one company to another. They moved around like a worm and not like a targeted ransomware attack.”

See Related: 4 Ways To Defend The Enterprise From Nation-State Attacks

More recently, there have been attacks in Florida that shut down cities and similar attacks on Texas school districts. The financial industry recognizes that while a lot of big banks are poised to be resilient in a ransomware attack, there are ways that this particular threat spreads faster than expected.

Host Rettas observed that cyber-attacks have morphed beyond targeting infrastructure and are starting to put human lives at risk. E911 services have been impacted and hospitals have had to move people. Finance was probably the best poised to defend against this cyber threat due to business continuity investments and resiliency efforts.

This was the first year that SIFMA conducted a truly international exercise involving Asia-Pacific and European participants. Furthermore, international regulators participated and discussed how an attack that jumps from the United States to Asia to Europe and back to the United States required each regulator to assume additional roles. “It was a way for the organizers to let everybody have a voice and see how they would be communicating,” said Fazzini.

A follow-up report is being published to discuss both the pluses and minuses along with communication failure points and going concerns. That will be a really interesting document to get an idea of what they think might have gone wrong in their communications for this scenario.

A press call after the event discussed the scenario and what it entailed, but left out a lot of details. “Right now, there are some big intelligence issues with some of the countries in the Asia-Pacific region and how much we really want them to know about our capabilities and our weaknesses,” remarked Fazzini. “I believe that we have to have a strong working relationship with all of the banks, including the banks in Asia.”

See Related: Shifting The Cyber Conversation From Technology To Risk With Admiral Michael Rogers

Energy Sector Hosts Cyber Response And Recovery Simulations

For an important sector such as Energy, a lot can happen in a cyber-attack that leads to catastrophic events. Rettas asked Fazzini to expand on a similar exercise hosted by the energy sector.

The North American Electric Reliability Corporation (NERC) hosts a biannual grid security exercise called GridEx. The exercise is an opportunity for several thousand utilities and energy-related participants to demonstrate how they would respond to and recover from simulated coordinated cyber and physical security threats and incidents, strengthen their crisis communications relationships and provide input for lessons learned.

What was NERC most worried about? “It was not as much the energy grid, but what will the energy grid impact be if there is a major cyber event against that infrastructure,” noted Fazzini. Also, would a major cyber-attack look that different from a hurricane in one part of the world? “Resiliency would be pursued in much the same way as if a bunch of substations flooded.”

Gauging The Effectiveness Of Virtual Wargaming Exercises

Historically, these incident scenarios have been conducted via large conference calls or virtual simulations. Rettas questioned the effectiveness of this format. “It's effective for uncovering communication problems,” said Fazzini. “One of the things that you miss is the undercurrent of the incident. There are people talking on the conference bridge calls and then there are people texting each other behind the scenes” using a private texting service to discuss what's really going on.

Is Fall Guy Part Of The CISO Job Description?

The pair closed out the episode discussing the executive changes at Capital One, whether or not CISO's are being treated fairly when breaches occur, and how the perils of being a CISO in a high profile company are changing every day.

You can hear the complete Task Force 7 Radio podcast episode at VoiceAmerica.

See Related: Task Force 7 Radio Podcast Recaps