SIFMA Quantum Dawn VI
A Decade of Testing and Resilience
Over the past 10 years, the Securities Industry and Financial Markets Association (SIFMA) has coordinated a series of industrywide resilience exercises known as Quantum Dawn. These exercises provide a forum for financial firms, regulatory bodies, central banks, law enforcement, government agencies, trade associations and information-sharing organizations to respond to simulated cyber and/or physical attacks.
QDI 2011 November & QDII 2013 July
Quantum Dawn I & II - In November 2011 and July 2013, the financial services sector, in conjunction with service provider Norwich University Applied Research Institutes (NUARI), organized two marketwide cybersecurity exercises called Quantum Dawn I and Quantum Dawn II, respectively. Those events provided a forum for participants to exercise risk practices due to a disruption in equity trading and clearing processes in response to a systemic attack on market infrastructure.
QDIII 2015 September
Quantum Dawn III - Whereas Quantum Dawn II focused on decision making for closing the equity markets, Quantum Dawn III, held in September 2015, focused on exercising procedures to maintain market operations in the event of a systemic attack. Participants first experienced firm-specific attacks, followed by rolling attacks on equity exchanges and alternative trading systems that disrupted equity trading without forcing a close. The concluding attack centered on a failure of the overnight settlement process at a clearinghouse.
QDIV 2017 October
Quantum Dawn IV - In November 2017, SIFMA introduced the concept of integrating cyber range capabilities into industry exercises and engaged the SimSpace Corporation’s Cyber Range software for the simulation. Day 1 of Quantum Dawn IV provided a real-life “hands-on-keyboard” experience for participating institutions to test their technical cyber response capabilities, while Day 2 involved participants engaging in a sectorwide simulation to test their crisis response, communication, and coordination capabilities around a large-scale targeted cyberattack against numerous financial institutions and news organizations.
QDV 2019 November
Quantum Dawn V - SIFMA’s first global cyber exercise, held in November 2019, enabled key public and private bodies around the globe to practice coordination and exercise incident response protocols, both internally and externally, to maintain smooth functioning of the financial markets when faced with a series of sectorwide global cyberattacks. The exercise helped identify the roles and responsibilities of key participants in managing global crises with cross-border impacts and began development of its Global Directory of key crisis management contacts across the public and private sectors.
Ransomware recovery plans are common
Does your organization have a ransomware recovery plan?
Approximately 93% of financial institutions that participated in the recent Quantum Dawn exercise have developed ransomware recovery plans or integrated ransomware incident response procedures into existing crisis or cyber incident response plans.
Typically, the plans cover data recovery and internal and external communications with clients, law enforcement, government resources, legal and compliance teams, regulatory authorities, trade associations, and information-sharing bodies.
Many firms have critical data recovery capabilities
Do you have the capability to recover critical data within your recovery time and recovery point objectives?
Firms should continue to protect critical data through replication and backup, as well as prioritize testing strategies that allow for adherence to established recovery objectives (i.e., recovery time and recovery point objectives).
Approximately 97% of respondents reported that their firms have the capability today to recover critical data within their recovery time and recovery point objectives under normal circumstances.
Bare-metal restore capabilities
Do you have the capability to bare-metal restore your critical business functions?
Although responses varied by type of institution, many respondents (90%) indicated that their organizations have the capability to bare-metal restore critical business functions in the event of a cyberattack.
Have you conducted or participated in a ransomware recovery exercise?
Prior to Quantum Dawn VI, nearly 70% of participating financial firms indicated that they have exercised their ransomware recovery plans. The event provided an additional opportunity for participants to exercise their plans and gain a deeper understanding of ransomware recovery time frames and processes.
Ransomware and general cyber insurance are widespread
Does your organization have cyber insurance?
As shown in the graphic, 90% of firms have a form of cyber insurance -- 49% have ransomware cyber insurance, while another 41% have general cyber insurance that would cover business interruptions.
While cyber insurance does not protect firms completely in all instances, it is a risk transfer strategy that could be implemented and maintained over time.
A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing. No single actor — not the federal government nor any individual firm — has the resources to protect markets from cyber threats on their own. Firms should continually test their crisis management, incident response and data recovery plans to ensure rapid response and recovery from ransomware or other types of cyberattacks.
Visit sifma.org to learn about SIFMA’s Quantum Dawn exercises, its annual industry business continuity tests and ongoing efforts to improve the industry’s cyber and operational resilience.