Standing together for financial industry resilience
Quantum Dawn 3 after-action report
The Securities Industry and Financial Markets Association (SIFMA), in conjunction with Norwich University Applied Research Institutes (NUARI), coordinated two cybersecurity exercises for the financial services sector called Quantum Dawn 1 and Quantum Dawn 2. These wide-scale simulations provided a forum for participants to exercise risk practice responses to a systemic cyberattack. On September 16, 2015, SIFMA hosted Quantum Dawn 3 (QD3), the third cyber simulation in the series. This report focuses on the industry’s overall response to cyber-attacks and provides high-level observations that individual market participants should consider to better respond to cyber incidents.
Quantum Dawn 3
Quantum Dawn 3 (QD3) included over 650 participants from over 80 financial institutions, government agencies, and market utilities. QD3 was designed with a focus to improve the readiness of the financial services sector to respond to sector-wide cyberattacks. The exercise allowed firms to rehearse response mechanisms, both internally across departments and externally across the sector, against a broad range of attacks, as well as to simulate public and private sector market-wide communications, information sharing, threat monitoring, and decision-making during a systemic cyberattack. Deloitte Cyber Risk Services observed the simulation and assisted in the preparation of this after-action report containing recommendations aimed to further protect the nation’s critical financial services infrastructure.
Goals of the exercise, as defined by SIFMA, are as follows:
- Simulate the degradation of critical infrastructure by effecting the timeliness and /or accuracy (integrity) of the clearance and settlement process for equities, allowing participants to exercise their coordination to remediate or resolve the situation.
- Rehearse firms’ internal response capabilities to a cyber-attack scenario, which requires coordination of business continuity, operations, and information security practices in order to maintain equity operations.
- Exercise the interaction between the firms and the public sector (e.g., government agencies, regulators) with a focus on sharing information or requesting assistance.
- Facilitate crisis-state information sharing using only real world communication paths [e.g., phone, email, Financial Services Information Sharing and Analysis Center (FS-ISAC) portal].
- Exercise the Financial Services Sector Coordinating Council /FS-ISAC All Hazards Playbook and the Financial Sector Cyber Response Coordination Guide so that firms understand what coordination will occur at a Sector level during a systemic crisis situation.