Skip to main Content
Site Search

Advanced Search

  • Mondo Visione
  • Mondo Visione - Worldwide Exchange Intelligence
Member Login

Member Login

Forgotten your password?

Financial Sector’s Cybersecurity Readiness Exercised By Quantum Dawn IV - SIFMA’s Cybersecurity Exercise Identifies Key Findings For Financial Sector And Public Partners To Address Crisis Response Protocols

Date 28/06/2018

SIFMA today released the summary of key findings from its biennial Quantum Dawn cybersecurity exercise conducted over two days in November 2017 that brought together more than 50 financial and public-sector organizations and over 1,000 industry experts. Along with SIFMA, Deloitte Risk and Financial Advisory observed the simulation and prepared the After-Action Report with recommendations aimed to help the sector strengthen its readiness to defend critical financial services infrastructure from an array of cyberattacks and scenarios.

Among the recommendations made by Deloitte Risk and Financial Advisory included simplifying the complexity of sector response and coordination playbooks, and in coordination with public sector agencies, further define the roles and responsibilities of the public partners during a cyber event and ensure they are clearly understood and actively tested through cyber simulations and exercises.

Quantum Dawn IV participants, which included financial sector institutions and SIFMA, as well as law enforcement, government, and regulatory partners, use the exercises to strengthen the readiness of the financial services sector to respond to cyberattacks in a coordinated manner.

“On a daily basis, our industry and government partners are the target of cyberattacks that we must vigilantly counter in order to protect our nation’s financial system,” said Kenneth E. Bentsen, Jr., SIFMA president and CEO. “The Quantum Dawn series of exercises is one of the many ways in which SIFMA leads the industry in testing and evaluating institutional preparedness and protocols as well as cross-communication and coordination with government regulators and agencies.  This remains a top priority for us and our members.”

In a change from previous exercises, Day 1 of Quantum Dawn IV provided a real-life “hands-on-keyboard” exercise for participating institutions to test their technical cyber response capabilities. SIFMA, in collaboration with SimSpace Corporation and Norwich University Applied Research Institutes (NUARI), orchestrated a cyber range exercise in which a “red team” of adversaries attempted to infiltrate a specialized sandbox environment. Each participating institution’s “blue team” set up its defenses using the same security tools available on their production network to detect, block, and eradicate simple, low-level attacks as well as more sophisticated scenarios.

Day 2 involved participants engaging in a sector-wide simulation to test their crisis response, communication, and coordination capabilities that revolved around a simulated “bad day” on Wall Street in which a large-scale targeted cyberattack is made against numerous financial institutions and news organizations, with rolling impacts for the sector, markets, and customers.

“The Quantum Dawn IV cybersecurity incident simulation exercises challenged institutions’ cyber incident response capabilities and the coordination of resources across jurisdictions, presenting a major opportunity for public and private sector institutions to collaborate to protect our financial services sector,” said Ed Powers, Deloitte Risk and Financial Advisory principal and U.S. leader for Cyber Risk Services, Deloitte & Touche LLP. “Shifting the focus away from just securing and monitoring environments, to actually knowing how to respond to a cyberattack, is how financial institutions can keep ahead of the curve.”

Deloitte Risk and Financial Advisory observed the simulation and worked with SIFMA to prepare the After-Action report that focuses on specific cyber response areas (e.g., communication and escalation, decision-making, government interactions, financial sector process implications) and provided high-level observations that the sector should pursue to improve coordinated responses.  It is available at the following link: https://www.sifma.org/resources/general/quantum-dawn-iv-after-action-report/

Other Resources:

Fact Sheet: Quantum Dawn IV (November 2017)

SIFMA Statement on Completion of Quantum Dawn IV Cybersecurity Exercise(November 9, 2017)