Quantum Dawn: Financial industry finishes annual ‘doomsday’ cybersecurity exercise

This week, SIFMA (Securities Industry and Financial Markets Association), held the fifth in its series of exercises meant to simulate a catastrophic cybersecurity event in the banking sector, known as “Quantum Dawn.”

Quantum Dawn: Financial industry ‘doomsday’ cybersecurity exercise

The exercise offers an important yearly insight into what the financial services industry sees as its biggest risks and how it envisions a major cyber disaster unfolding. This year was the first Quantum Dawn exercise that incorporated participants from outside the US, including Europe and Asia. The scenario was a targeted ransomware attack with impacts on major banks across the globe, starting with the US and moving across Asia and the UK.

Ransomware has caused significant issues to major corporations, notably with two major attacks in 2017 known as WannaCry and NotPetya. The fictional scenario outlined by SIFMA highlights what would happen if such an incident targeted the biggest financial institutions, taking critical parts of the global financial system offline.

Around 800 participants from large banks, regulators and other financial firms from 12 countries joined the simulated cyberattack by conference call starting at 7 a.m. Thursday. Other organisations established to share cyberthreat information also participated, including SIFMA’s counterparts in Asia and Europe.

The fictional event centred around a big unnamed US company — one of the “systemically important financial institutions” designated as “too big to fail” by regulators. After the close of the stock market, the institution was attacked by malicious ransomware and knocked offline, explained Thomas Price, a managing director at SIFMA. The initial scenario was followed by a number of questions and discussion of rules around public disclosure of the incident and how the wider financial industry would coordinate and share information, he said.

While the US scrambled to deal with the first big outage, the same disruptive malware picked off another huge institution, in Asia, also taking it offline. Then a third institution, in the UK, was hit.

At this point, Price explains, “This scenario is impacting major institutions across the globe. Markets are highly volatile. So how do we respond to it?” Representatives from the Bank of England and the UK’s Treasury participated in describing their role in the escalating, global attack.

The scenario ended with the ransomware migrating back to the US, where it impacted a financial market utility — one of the organisations responsible for facilitating payment and settlement activity in the US. Here, the participants described how mitigation efforts could help keep funds flowing and accounts settling.

Despite the imagined technical nature of a rapidly accelerating financial cyberattack, Price said participants were primarily focused on communications. This included how those companies communicate internally to their own executives and employees and externally to their clients.

“There is likely no greater threat to financial stability than a large-scale cyber incident.  Quantum Dawn V simulated a low-probability, high-impact event, which is something the industry must prepare for just as we do for other possible crisis events.  Building on our previous Quantum Dawn events, this year we made the exercise global,” said Kenneth Bentsen,  president and CEO, SIFMA .

“SIFMA and its member firms are deeply committed to improving the financial services sector’s cybersecurity resiliency and working with government partners to protect the broader economy.  Our sister trades—AFME in Europe and ASIFMA in Asia—share our commitment to cyber preparedness.  SIFMA, in its crisis coordination role, led the exercise, which included participants from SIFMA, AFME and ASIFMA member firms.

“Quantum Dawn V enabled key public and private bodies around the globe to practice coordination and to exercise incident response protocols, both internally, and externally, to maintain smooth functioning of the financial markets when faced with a series of sector-wide global cyberattacks.

“A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing. No single actor – not the government, nor any individual firm – has the resources to protect markets from cyber threats on their own, nor do cyber incidents restrict themselves to one geographic region.  That’s why the communication aspect was essential to the exercise’s success.

“Cybersecurity is truly an issue where the interests of the industry and public sector are fully aligned. SIFMA and our members are constantly working to improve cyber defences, resiliency and recovery through massive monetary investment in technology and personnel, regular training, industry exercises, and close coordination between the financial sector and the government, including our regulators. Best practices are developed and refined regarding penetration testing, insider threats, third-party risks, and secure data storage and recovery. Lessons learned from Quantum Dawn V will help shape these initiatives as we constantly work to get better.”

A fact sheet with details on Quantum Dawn V is available here.