Cybersecurity Exercise: Quantum Dawn IV

Quantum Dawn is a series of cybersecurity exercises that enable financial institutions and the sector, as a whole, to practice and improve coordination with key industry and government partners in order to maintain equity market operations in the event of a systemic cyber-attack.

Exercise Purpose

Quantum Dawn IV enabled individual financial institutions, the sector and key partners, such as the U.S. Treasury, federal law enforcement, federal regulators, and the Financial Services Information Sharing and Analysis Center (FS-ISAC), to practice coordination and exercise incident response protocols, both internally and externally, to maintain smooth functioning of the financial markets when faced with a series of sector-wide cyberattacks.

Exercise Objectives

  1. Exercise the interaction between firms, the financial sector and the public sector (e.g., government agencies, regulators, intelligence community) with a focus on coordination, information sharing or requesting assistance.
  2. Simulate a cyberattack at multiple financial institutions effecting the timeliness and/or accuracy of equity and fixed income futures transactions impacting the associated cash markets and the payments processes for foreign exchange.
  3. Enable participants to exercise their internal incident response protocols to remediate or resolve the situation and maintain internal firm stability.
  4. Exercise response protocols at FS-ISAC, SIFMA and U.S. Treasury so that firms can review what coordination will occur at a sector-level and at the U.S Government during a systemic cyber event.

Background

  • Quantum Dawn I & II: In November of 2011 and July 2013 the financial services sector, in conjunction with service provider Norwich University Applied Research Institutes (NUARI), organized two market-wide cybersecurity exercises called Quantum Dawn I and Quantum Dawn II, respectively. Those events provided a forum for participants to exercise risk practices across equities trading and clearing processes and market closure protocols in response to a systemic attack on market infrastructure. Quantum Dawn II focused on exercising procedures for closing the equity markets.
  • Quantum Dawn III: Held September 2015, Quantum Dawn III focused on exercising procedures to maintain market operations in the event of a systemic attack. Participants first experienced firm-specific attacks, followed by rolling attacks upon equity exchanges and alternative trading systems that disrupted equity trading without forcing a close. The concluding attack centered on a failure of the overnight settlement process at a clearinghouse.

Key Facts of Quantum Dawn IV

Quantum Dawn IV took place November 7-8, 2017 and was coordinated by SIFMA using service providers NUARI (Norwich University Applied Research Institutes), and its latest version of the DECIDE FS, and the SimSpace Corporation’s Cyber Range software for the simulation and execution of the exercise.

The exercise was not a pass/fail test, but rather an opportunity for participants to interact across functions internally and with partners externally as they exercise their crisis response and communications plans.

In this exercise:

  • Over 900 participants from over 50 financial institutions and government agencies took part;
  • Participating entities included securities firms, banks, asset managers, FS-ISAC, and financial market infrastructure providers of all sizes;
  • There was robust engagement by regulators and government entities, including U.S. Treasury, the Securities and Exchange Commission and the Federal Bureau of Investigation;
  • Simulation was “closed loop” – no real-world systems were utilized or impacted; and
  • The distributed approach was used, meaning that organizations participated from their own locations to further enhance the realism of the simulation and make use of real-world communication systems like email and phone.

Results and Next Steps

A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing.

No single actor – not the federal government, nor any individual firm – has the resources to protect markets from cyber threats on their own.

SIFMA has worked with Deloitte Risk and Financial Advisory Cyber Risk Services, who served as an independent observer of the exercise, to analyze participant feedback and produce a public after-action report with key observations and recommendations for enhancing the financial services sector’s ability to respond to a systemic cyber event.

If you have a media inquiry, please contact Katrina Cavalli.

Additional Information and Resources

Quantum Dawn IV is just one component of how SIFMA is working with its members on a variety of cybersecurity initiatives. Learn more with these additional resources: