Cyber exercise to target financial firms

Published 14 January 2010

The test, which starts 9 February, will have different scenarios for each of four different types of businesses: Financial firms, retailers, card processors, and general businesses; on each day, participants will receive a description of a specific scenario for their category of business, building on the previous day

A critical-infrastructure group responsible for disseminating information to financial firms announced last week that it would hold a three-day cyber exercise in February to test the security of participants’ payment processing.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) will run the three-day Cyber Attack against Payment Processes (CAPP) starting on 9 February, opening the exercise to any firm that handles payments, William Nelson, president and CEO of the FS-ISAC, told SecurityFocus.

The overall goals are to raise awareness of the cyberattack issue within the financial community,” Nelson said. “There have been a lot of attacks that have been well publicized, and all of them have had some impact on financial institutions.”

The test will have different scenarios for each of four different types of businesses: Financial firms, retailers, card processors, and general businesses. On each day, participants will receive a description of a specific scenario for their category of business, building on the previous day, Nelson said.

The announcement of a cyber exercise follows a number of massive breaches of payment processors and high-profile compromises of small business accounts.

Already, more than 350 companies have signed up for the contest before the FS-ISAC began promoting the contest, Nelson said, adding: “I’m expecting thousands of companies and financial institutions.”