SIFMA today published a summary of the key findings derived from its Quantum Dawn 2 cybersecurity exercise held on July 18, 2013. The “After-Action” report was co-authored by Deloitte & Touche LLP, who served as an objective observer of the exercise and assisted in the preparation of this report to identify ways to improve the industry’s responses to cyber events.
SIFMA’s Quantum Dawn 2 exercise simulated a systemic cyber attack on the U.S. financial system and provided the industry with an opportunity to run through its response procedures. A summary of the After-Action Report is available here; the full report is available to exercise participants only.
“Cybersecurity is a top priority for the financial industry. Quantum Dawn 2 demonstrated the industry’s resiliency when faced with serious cyber attacks that aimed to steal money, crash systems and disrupt equity market trading. Most importantly, the exercise helped participants indentify areas where we can improve. Complacency is not an option in the fight against cyber crime,” said former Senator Judd Gregg, SIFMA’s CEO. “Quantum Dawn 2 proved that information sharing between the private sector and the government is one of the most effective ways to combat cyber crime. We hope this exercise will encourage Congress to pass legislation that promotes this sharing and other activities that will help our country more effectively mitigate cyber threats on the financial system.”
“Quantum Dawn 2 helped participants understand the need not just to be secure, but also to be vigilant and resilient in the face of cyber threats,” said Ed Powers, National Managing Partner, Security & Privacy practice, Deloitte & Touche LLP. “In today’s environment, it’s unrealistic to expect that defenses can prevent all cyber incidents. The financial industry should continue developing capabilities for detecting incidents when they occur, minimizing the impact on business and critical infrastructure, and tying these capabilities together in a comprehensive framework. Quantum Dawn 2 is an important step in that direction.”
Exercise Overview
Quantum Dawn 2 enabled over 500 participants from over 50 different entities across the financial sector to run through their cyber crisis response plans including how they would coordinate with the financial sector as a whole and with government agencies to share information. More information is available here:
http://www.sifma.org/uploadedfiles/services/bcp/qd2-fact-sheet.pdf
Specific objectives of the exercise were to rehearse crisis response plans and mitigation strategies; exercise the market open and close decision process in the event of a cyber attack; simulate the loss of critical infrastructure within the industry; re-examine the sector-wide incident response communications; and develop an understanding of the operational readiness of the industry to open and function after an attack.
The exercise simulated multiple attacks; motives for the attacks included the desire to steal vast amounts of money, disrupt the equities markets, and to degrade firms’ operations capabilities. In the simulated scenario, the attacks directly affected market performance and eventually led to a market closure at the end of the exercise. More information on the simulated attacks is available on page four of the summary report.
Results
Quantum Dawn 2 was completed successfully with robust engagement from all participants. The exercise successfully tested many of the industry’s processes and protocols. It raised awareness among industry participants about working together in a coordinated manner to address systemic risk issues and verified the critical importance of information sharing both between firms and the government as vital to identifying attacks and mitigating the impacts.
The summary report outlines the industry’s positive response to the simulated threats, including: strong communication across business lines within firms; continued enhancement of the ongoing public-private partnership between the industry and various government and regulatory agencies; execution of the industry’s sector-wide response protocols; coordination between SIFMA and the Financial Services – Information Sharing and Analysis Center (FS-ISAC); a highlighted role for the exchanges and clearinghouses as hubs of information; and a successful execution by the Market Response Committee to close the markets.
The exercise also identified areas where the industry can improve its crisis management procedures and strengthen relationships among the industry participants. Page seven of the summary report outlines specific recommendations based on three themes:
- Sector-wide incident command structure and processes – The industry should review and update its sector-wide response playbook to promote greater integration between industry groups, market participants, and government agencies.
- Systemic risk assessment and decision process – The industry should augment existing guidelines and decision frameworks to determine if cyber incidents are systemic
- in nature and could impact the broader financial system.
- Communication and information sharing – The industry needs to institutionalize the procedures for determining if markets will open or close in response to a systemic cyber attack. Further, the industry should set protocols that will promote greater communication and information sharing among market participants when responding to a cyber attack. Additionally, the industry should formalize a strategy for communicating with the public during a cyber attack to promote trust and confidence in the markets.
The summary report can be found here:http://www.sifma.org/uploadedFiles/Services/BCP/After-ActionReport2013.pdf.
The Quantum Dawn 2 online resource center can be found here: http://www.sifma.org/services/bcp/cybersecurity-exercise--quantum-dawn-2/.
