From the Regulators

U.S. drill shows need for partnership between industry and government in protecting against attack

By James Langton |

A recent cybersecurity drill has demonstrated that defending against a crippling cyberattack on the U.S. securities industry requires dedicated co-operation among the industry, regulators and the government.

The U.S. securities sector held an industry-wide test over the past two days (Nov. 7 and 8) to test its readiness for a large-scale systemic attack. The "closed loop" exercise, known as Quantum Dawn IV, involved more than 50 financial institutions and government agencies, including securities firms, banks, asset managers, industry infrastructure firms, regulators and government bodies such as the U.S. Treasury and the Federal Bureau of Investigation (FBI).

"A clear takeaway is the importance of a robust partnership between the industry and government grounded in information sharing," stated the U.S. Securities Industry and Financial Markets Association (SIFMA), the trade group that coordinated the exercise.

SIFMA noted that no single player, not even the U.S. government, "has the resources to protect markets from cyber threats on their own."

Over the next few weeks, SIFMA plans to work with Deloitte Risk and Financial Advisory Cyber Risk Services, an independent observer of the exercise, to analyze the results of the test and produce a public report that will set out recommendations for the sector to enhance its ability to respond to a systemic cyberattack.

"There is likely no greater threat to financial stability than a large-scale cyber event, which SIFMA considers a low-probability, high-impact event that the industry must prepare for along with other possible crisis events," said Kenneth Bentsen, Jr., president and CEO of SIFMA.

"The exercise underscores the increasing frequency and sophistication of cyberattacks," he added, "and the critical need for an effective allocation of cybersecurity resources at financial institutions. The financial services industry is a top target, facing tens of thousands of cyberattacks each day."