Financial Terror Drills

Title: San Francisco Hosts Multi-Agency Terror Drill Exercise
Date: August 18, 2008
San Francisco Citizen

Abstract: This is what it looked like on Saturday when San Francisco held a
dress rehearsal for disaster in the Financial District. Hundreds of people were on the scene. They came from an alphabet soup of local, state, and federal agencies, such as SFFD, SFPD, FEMA, FBI, the Army, etc. (San Francisco Citizen, 2008).

Title: War Game Tests City Resilience To Cyberattack
Date: November 21, 2011
Financial Times

Abstract: What would happen to the City if it were hit by a cyberattack in the middle of the Olympics?

On Tuesday, thousands of people at 87 of London’s biggest banks, exchanges and other institutions are going to try to find out.

Led by the Financial Services Authority, they will be engaging in a war game that envisions two simultaneous problems: widespread travel disruptions and a major cyberattack. Starting at 8am, the FSA will send out bulletins explaining what has gone wrong and teams at each institution will try to respond. The scenarios could include a complete shutdown of the London Underground to the failure of the network of cash machines or a combination of the two.

Some banks have put as many as 70 people on alert, while smaller institutions are devoting only a handful to the FSA’s sixth “marketwide exercise”. The last two exercises, in 2006 and 2009, focused on a flu pandemic and severe weather disruptions respectively. This year’s version is tentatively pegged to market conditions on August 3, 2012, smack in the middle of London’s hosting of the Olympic games.

The FSA said: “The marketwide exercise is carried out to assess and improve the resilience of the financial services sector, during a major operational disruption and is an important part of planning for major disruptions. There are no ‘passes’ or ‘fails’ – the exercise is about firms assessing their business continuity systems and updating them where necessary and the authorities identifying areas for further attention.”

The FSA war games, which are run jointly with the Bank of England and the Treasury, are among the largest of any financial sector in the world, with more than 5,000 participants in 2008. They are designed to test business continuity plans at British financial institutions as well as the London outposts of large global firms.

While recent FSA war games focus on external disruptions, UK regulators have also run separate exercises looking at financial market woes. A 2004 version envisioned the withdrawal of foreign funding from banks like Northern Rock, a scenario that came uncomfortably close to predicting real events three years later.

The firms’ performances on the day and responses to a series of questionnaires over the next two weeks will be compiled into a report in January that will summarise the results and suggest changes that can be made to improve resilience. Previous war games have led to efforts to improve remote access for key bank employees as well as the gathering of more information on employee routes to work so firms have a better sense of who the absentees are likely to be (Financial Times, 2011).

Title: Mock Cyber Attack On New York Used By Obama To Pitch Senate Bill
Date: March 8, 2012

The Obama administration simulated a cyber attack on New York City’s power supply in a Senate demonstration aimed at winning support for legislation to boost the nation’s computer defenses.

Senators from both parties gathered behind closed doors in the U.S. Capitol yesterday for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials.

Internet-service providers including AT&T Inc. and Comcast Corp. opposed new cybersecurity regulations at a House hearing. The companies said they prefer measures to improve voluntary sharing of information about cyber threats. 

The mock attack on the city during a summer heat wave was “very compelling,” said Senator Susan Collins, a Maine Republican who is co-sponsoring a cybersecurity bill supported by President Barack Obama. “It illustrated the problem and why legislation is desperately needed,” she said as she left the briefing.

U.S. lawmakers are debating cybersecurity legislation following assaults last year on companies including New York- based Citigroup Inc. (C), the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the world’s largest defense company.

The attacks have increased concern that computer networks operated by U.S. banks, power grids and telecommunications companies may be vulnerable to hacking or viruses that may cause loss of life or inflict widespread economic harm.

The Obama administration is backing a Senate measure introduced on Feb. 14 by Collins and Senator Joe Lieberman, a Connecticut independent, that would direct the Homeland Security Department to set cybersecurity regulations for companies deemed critical to U.S. national and economic security.

Competing Bill
A competing Senate bill from eight Republicans including John McCain of Arizona and Kay Bailey Hutchison of Texas would avoid new rules while promoting information sharing through incentives such as protection from lawsuits. Representative Mary Bono Mack, a California Republican, is preparing to introduce similar legislation in the House.

Senator Roy Blunt, a Missouri Republican, called yesterday’s demonstration “helpful because it got a whole bunch of senators thinking about the same thing at the same time.” He said the exercise didn’t sway him to support either of the Senate bills.

After the briefing, Hutchison cited similarities in the two Senate measures while criticizing the “big new bureaucracy and regulatory scheme” in the Obama-backed legislation.

The simulated attack “was intended to provide all senators with an appreciation for new legislative authorities that could help the U.S. government prevent and more quickly respond to cyber attacks,” Caitlin Hayden, a White House spokeswoman, said in an e-mail after the briefing.

‘Disastrous’ Effects
A cyber attack leaving New York without power for a prolonged time could have “disastrous” effects, potentially severing communications, crashing life-saving medical equipment and destroying networks that run financial institutions, according to Lawrence Ponemon, chairman of the Ponemon Institute LLC, a research firm based in Traverse City, Michigan.

“I would project that you would have literally thousands of people dying,” Ponemon said in an interview. “A cyber attack on electrical grids that was sustained for three to four weeks would be like returning to the dark ages.”

A blackout that swept parts of North America in August 2003 left 50 million people in the dark for as long as four days. Hackers could cause blackouts “on the order of nine to 18 months” by disabling critical systems such as transformers, said Joe Weiss, managing director of Applied Control Solutions LLC, a Cupertino, California-based security consulting company.

“The dollars are incalculable,” Weiss said. The 2003 event, triggered when a power line touched tree branches in Ohio, caused losses of as much as $10 billion, according to a study by the U.S. and Canadian governments.

Internet Providers Object
Internet-service providers, including AT&T Inc. (T) and Comcast Corp. (CMCSA), opposed new cybersecurity regulations at a House hearing yesterday. The companies said they prefer measures to improve voluntary sharing of information about cyberthreats.

Government-imposed rules could impede innovation, the Internet providers said in testimony to a House Energy and Commerce subcommittee.

“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at the hearing. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”

AT&T is the second-largest U.S. wireless carrier. Philadelphia-based Comcast, the leading U.S. cable provider, and Monroe, Louisiana-based CenturyLink Inc. (CTL) expressed similar views in their prepared testimony.

Senate Majority Leader Harry Reid, a Nevada Democrat, has said he wants to bring the Lieberman-Collins bill to the chamber’s floor for a vote as soon as possible, though he hasn’t given a date. The measure is co-sponsored by Democrats Jay Rockefeller of West Virginia andDianne Feinstein of California.

The Lieberman-Collins bill is S. 2105 and the McCain bill is S. 2151 (Bloomberg, 2012).

Title: NSG Carries Out Drill At Stock Exchange
March 22, 2012
Hindustan Times

For the first time after the 26/11 terror strike, the National Security Guards (NSG) conducted an exercise at the Bombay Stock Exchange (BSE) building in south Mumbai on Wednesday night.

Sources in the state home department said that a contingent of the NSG flew down from New

Delhi to conduct the exercise at the building, which was the main target during the 1993 serial blasts.

The exercise was carried out at night. Sources said that the NSG contingent carried out mock exercise to rescue hostages and flush out terrorists. “This is essentially an exercise to familiarise the commandos with the site map of the building and its premises, so they won’t face any problem during a real operation in the future,” sources said.

During the 26/11 terrorist attack, NSG commandos had to launch their assault at multiple targets, such as the Nariman House, Taj and Oberoi Hotels in blind situations. This was because the elite commando unit did not have site maps of these locations or the blue prints of these structures. In the process, they lost Major Sandeep Unnikrisnan, while another commando suffered eye injuries as terrorists lobbed grenades from blind spots at the NSG contingents.

Sources said that the NSG, which recently set up a regional hub in Mumbai, would carry out similar exercises at other high security and vital installations in the city, which have been figuring high on the terror radar. Places which have traditionally been known to harbour terrorists and anti-social elements would witness such “awe and shock” exercises by the NSG in the coming days, sources claimed.

The Maharashtra Anti Terrorism Squad (ATS) commando unit, Force One, also participated in the exercise in order to gain experience from their central counterpart. Prior to Wednesday’s exercise, a similar stealth exercise was carried out by the NSG at a location in Jogeswari, sources revealed (Hindustan Times, 2012).