The Securities Industry and Financial Markets Association (SIFMA) recently released key findings from a cybersecurity exercise (dubbed “Quantum Dawn 3”) conducted by over 80 financial institutions and government agencies in September. The exercise consisted of three parts: “participants first experienced firm-specific attacks, such as a distributed denial of service (DDoS), a domain name system (DNS) poisoning or breach of personally identifiable information (PII). These attacks were followed by rolling attacks upon equity exchanges and alternative trading systems that disrupted equity trading without forcing a close. The concluding attack centered on a failure of the overnight settlement process at a clearinghouse.”
Deloitte Advisory prepared a report regarding the exercise and noted that:
- Institutions were able to identify and leverage internal and external capabilities in responding to the market-wide cyber-attacks.
- More than 80 organizations built muscle memory within their crisis response by exercising DDoS mitigation, DNS attack coordination and data breach assessment and communication.
- Institutions, along with the [Financial Services Information Sharing and Analysis Center (FS-ISAC)], the FBI, and regulators, enhanced their working relationships and exercised the public/private partnership that will be required to respond to a large-scale attack.
- The FS-ISAC and FBI specifically indicated that they were appropriately engaged by organizations and were active participants in information sharing during the exercise.
- The exercise demonstrated the critical importance of information sharing in responding to a cyber attack and the value of having established and regularly utilized processes prior to a crisis.
The report also included some recommendations on how firms can better respond to such a large-scale attack. It suggested that individual firms could improve their responses by “[e]nhanc[ing] executive leadership involvement in the response, recovery, and decision making protocols during times of crisis” and by creating cross-functional “integrated cyber incident response teams.” From a market-wide perspective, the report proposed that market utilities could play a larger role in the early detection of attacks and the coordination of appropriate responses. Deloitte also suggested increased communication between financial institutions and government agencies, as well as greater clarity around “thresholds” for when sharing information is necessary and standards and processes to facilitate that information transfer.