Cybersecurity Exercise: Quantum Dawn 2

Cybersecurity Exercise: Quantum Dawn 2

Quantum Dawn 2 was a cybersecurity exercise to test incident response, resolution and coordination processes for the financial services sector and the individual member firms to a street-wide cyber attack.


SIFMA held the Quantum Dawn 2 exercise on July 18, 2013 to enable both individual firms and the sector as a whole to test their response plans in order to maintain effective and orderly markets and protect clients in the event of a systemic attack. Overall, the industry proved to be resilient in the face of a cyber attack.

The exercise was completed successfully with robust engagement from over 50 participants. The sector came together and utilized its existing protocols, procedures and processes to effectively communicate with each other and with government partners to address the crisis and restore the markets to fair and orderly operation.

SIFMA continues to believe that industry efforts alone are insufficient to address cyber attacks. A strong partnership between the industry and government is essential to effectively defend against these threats and keep millions of clients safe. Done right, information-sharing is the best way to keep our clients protected and our companies enabled to defeat the most critical threats. We call on Congress to take action and pass cybersecurity legislation that makes it easier for the government to share information with the private sector, and vice versa.



Exercise Summary

  • Broad participation was essential to maximizing the potential of the Quantum Dawn 2 program to inform best practices moving forward.  Participation in Quantum Dawn 2 was almost double that of the first exercise: over 500 individuals from approximately 50 entities participated. Participating entities included financial companies of all sizes, exchanges, utilities, U.S. Department of the Treasury, Securities & Exchange Commission, Department of Homeland Security, and Federal Bureau of Investigation. 
  • Quantum Dawn 2 was not a pass/fail systems test but rather an opportunity for organizations to exercise their crisis response and communications plans in the event of a systemic cyber attack. 
  • This was a "closed loop" simulation – no real systems were impacted. 
  • This one-day exercise simulated a multi-day period where companies had to contend with three major types of attacks. Firms participated from their own locations to ensure a realistic experience.
  • Quantum Dawn 2 simulated a series of systemic cyber attacks that attempted to disrupt trading in the U.S. equities markets. 
  • Participants were able to run through their crisis response plans including: how they would mitigate various threats against their firm, how they would coordinate with the financial sector as a whole to share information and how they would coordinate with government agencies.


Results and Next Steps

Over the next several weeks, SIFMA and its members will continue to analyze feedback from the exercise and implement recommendations made in the After-Action Report to improve the sector response.

Select key findings include:

  • A strong partnership between the industry and the government is essential to keeping our millions of clients safe. We need Congress to take action and pass Cybersecurity legislation that makes it easier for the government to share information with the private sector, and vice versa.
  • The industry can take steps to institutionalize the steps taken when deciding to open or close the markets, as well as enhance our communications protocols in the event of a systemic cyber attack.


Background on the Quantum Dawn Exercises

The financial industry has been under a constant state of attack for the past year as hackers attempt to steal clients’ money, crash computer systems and disrupt capital markets. So far, the industry has been able to thwart the most serious attacks and protect its clients, but hackers are adapting and growing more dangerous.
One of the most alarming trends in the increasing number of cyber-attacks on smaller financial institutions and businesses. These organizations typically don’t have the same resources or access to information that larger companies do. This makes them more vulnerable to a malicious attack that could disrupt capital markets and shake investor confidence in the financial system. Hackers are also using individuals and smaller institutions as a gateway to infiltrate larger banking organizations. Everyone is a target.

  • The most common types of attacks are what's called distributed denial of service - or DDoS - attacks. These attacks attempt to hurt the credibility of financial institutions by crashing their websites or other public-facing outlets that millions of financial clients turn to everyday.
  • Phishing attacks are also common - these are the attacks where hackers attempt to access passwords and logins of firm employees in order to send out false information that could disrupt the markets. It's important to note that the industry has been successful in thwarting these types of isolated attacks.

As many of our members are aware, in November of 2011 the Financial Services Sector Coordinating Council (FSSCC) hosted a market-wide cyber disruption exercise called Quantum Dawn. That event exercised risk practices across equities clearing and trading processes in response to infrastructure disruption, allowing firms to exercise their internal incident response plans in conjunction with each other, with the FSSCC, and with the FBIIC. The value of this type of exercise was clear to participants, and has since been reinforced by operational disruptions and incidents involving firms in markets both in the U.S. and overseas.

Building on the success of this exercise and the increasing threat posed to the sector by a coordinated, large scale cyber attack SIFMA organized and coordinated a second generation cyber disruption exercise called Quantum Dawn 2. This exercise built on the lessons learned from the previous exercise as well as a second generation version of the exercise tool called the Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector (DECIDE-FS™). We expect this exercise will improve the readiness of sector as a whole to respond to a street-wide cyber attack by allowing each participating firm to test their internal coordination mechanisms and processes to maintain business resiliency.


Business Inquiries: Thomas Wagner, 212.313.1161 
Media Inquiries: Liz Pierce, 212.313.1173




Learn How ›


For more information on Business Continuity Planning (BCP), please contact:

 Thomas Wagner

SIFMA SmartBrief: Operations and Technology Edition

Essential industry news, delivered weekly.


Market Data