Banks Plan National Cyber-Attack Drill

Simulation Designed to Help Test Defenses

By , September 23, 2013.

More than 1,000 banks will test their incident response strategies by participating in a simulated cyber-attack exercise. SWACHA's Dennis Simmons says the drill, which is open to more participants, will help bolster defenses.

Banks are interested in testing their defenses in the wake of recent cyber-attacks, says Simmons, president and CEO of SWACHA, a regional payments association. Those attacks include account-takeover attempts linked to phishing and ACH and wire fraud, as well as distributed-denial-of-service attacks that are sometimes waged as modes of distraction to veil fraud.

 "[The simulation] helps an institution understand its own internal communication and internal response to these types of incidents," Simmons says in an interview with Information Security Media Group. And the drill can help banks and credit unions update their cyber-attack response plans.

Educating banking institutions about the possible risks they face during a cyber-attack is a goal of the simulated attacks, he says. For example, he points out: "The bad guys may launch a DDoS attack to divert attention [so they can] hijack an account or initiate fraudulent wire transfers."

Open to More Participants

Banks can still sign up at the FS-ISAC website to participate in the two-day drill in October, which is sponsored by SWACHA, along with NACHA-The Electronic Payments Association; the Financial Services Information Sharing and Analysis Center; and numerous state banking associations. 

Banking institution employees participating in the simulated attacks will be e-mailed attack scenarios and then asked to develop response strategies, he explains. "It's a tabletop exercise. All you need to participate is an e-mail address and telephone."

During this interview, Simmons discusses:

  • Communication challenges banking institutions face in the wake of a cyber-attack;
  • Why payments breaches and network vulnerabilities are getting more attention; and
  • How law enforcement is working with SWACHA, FS-ISAC and others to encourage more cyberattack simulations.

As head of SWACHA, Simmons is a nationally recognized payments expert. He serves on the board of directors for NACHA. He's chairman of NACHA's Government Relations Committee, past chairman of NACHA's Electronic Check Council and past co-chairman of NACHA's Risk Management Advisory Group. He also is the immediate past chairman of the Payments Executives Leadership Forum. He is a founding member of the board of directors of the Secure Remote Payment Council and a member of the advisory council and faculty of the Bank Operations Institute at Southern Methodist University.