
Quantum Dawn and the financial services industry

Cyber simulation may improve securities sector readiness

Recent years have seen an inordinate number of cyberattacks and hacking campaigns, and the US securities sector is a frequent target. Quantum Dawn IV is the fourth cyber simulation designed to strengthen the readiness of the financial services industry and the US securities sector to respond to cyberattacks in a coordinated manner.

Respond and recover

Hosted by the Securities Industry and Financial Markets Association (SIFMA), in conjunction with Norwich University Applied Research Institutes (NUARI) and SimSpace Corporation, Quantum Dawn IV drew approximately 1,000 people from more than 50 financial institutions, government agencies, regulatory authorities, and market utilities.

The key objective for the cybersecurity simulation exercise was to provide a forum for participants to exercise their technical and crisis response capabilities in response to a sector-wide cyberattack.

Deloitte Risk and Financial Advisory (Deloitte) was engaged by SIFMA to serve as objective simulation observers and to prepare the after-action report, with recommendations aimed at strengthening the sector’s readiness to defend the nation’s critical financial services infrastructure.

Day one: Cyber range exercise

A subset of participating institutions engaged in a cyber range exercise to test their technical cyber-response skills across a variety of malware incidents perpetrated by a group of attackers.

They faced three types of attacks:

  • Low-impact attacks, including phishing, lateral movement, escalation, and disruption using ransomware
  • Medium-impact attacks, including phishing and lateral movement with an objective to exfiltrate sensitive data
  • High-impact attacks, including credential theft, payment system access, disruption, and compromise

The exercise was followed by an information sharing session where participating firms shared their in-game strategies and reactions. Participants identified the simulation as an optimal mechanism to test their technical preparedness, to train their incident response staff on real-life scenarios, and to identify gaps in capabilities and instrumentation.

Day two: Cyberattack scenario

The day two scenario simulated a “bad day” on Wall Street through a large-scale targeted cyberattack against numerous financial institutions, with rolling impacts for the sector, markets, and customers. Participants experienced multiple types of attacks, including:

  • Payment fraud
  • Distributed denial of service (DDoS)
  • Data theft/ransomware breach
  • Payment system compromise (malware)

This integrated exercise enabled participating firms and partners to:

  • Exercise roles and responsibilities of sector bodies such as SIFMA and the Financial Services-Information Sharing and Analysis Center (FS-ISAC)
  • Rehearse internal response and recovery practices against a diverse set of threats
  • Coordinate responses to the cyber incident with law enforcement and regulatory bodies

Quantum Dawn IV provided a unique opportunity to exercise cyber, crisis response, and coordination capabilities and build muscle memory of these response protocols. Perspectives gained will result in a more resilient financial ecosystem.

–Bill Nelson, president and CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC)

Recommendations

Our observations and recommendations are divided into two themes: sector-wide coordination, communication, and decision making; and coordination with public sector agencies (e.g., government agencies, regulators, law enforcement).

Sector-wide coordination, communication, and decision making recommendations include:

  • Simplify the complexity of sector response and coordination playbooks to enable a seamless, rapid, and coordinated response to, and recovery from, cyber events
  • Define clear roles and responsibilities for sector bodies such as SIFMA, the FS-ISAC, and public-sector partners
  • Clarify roles and responsibilities pertaining to the delivery of timely sector-wide communications and messages to the financial sector, the media, and the public
  • Ensure that all sector-wide coordination calls and incident response meetings have a formal definition and structure to seamlessly manage communications and decision-making during a cyber event

Coordination with public sector agencies recommendations include:

  • Define the roles and responsibilities of public-sector agencies during a cyber event and ensure they are clearly understood and actively tested through cyber simulations and exercises
  • Provide clarity around the detailed information the US government requires from the private sector in order to be able to respond and react to systemic cyber events
  • Promote better communication to private-sector participants in order to provide situational awareness and support incident mitigation during a cyber event
  • Clarify the protocols to be used during public sector crisis management coordination calls

Download the Quantum Dawn IV Public Report to learn more.

Acknowledgements

Participating financial institutions and associations:

Federal contributors: US Department of Treasury, US Securities & Exchange Commission (SEC), Federal Bureau of Investigation (FBI)

Industry groups: Securities Industry and Financial Markets Association (SIFMA); Financial Services–Information Sharing and Analysis Center (FS-ISAC); Financial Services Sector Coordinating Council (FSSCC)

QDIV was organized and designed by Norwich University Applied Research Institutes (NUARI) and SimSpace Corporation, and hosted by SIFMA.
