A major cyber security exercise carried out by the U.S. securities industry earlier this year highlights the importance of information sharing in the face of a serious attack, the Securities Industry and Financial Markets Association (SIFMA) announced on Monday.
SIFMA has published a summary of its key findings from the cyber security exercise that was held in September, known as Quantum Dawn 3. More than 650 people from 80+ financial institutions and government agencies participated in this exercise, SIFMA notes.
The exercise include three types of attacks: firm-specific attacks, such as a distributed denial of service (DDoS), a domain name system (DNS) poisoning, or breach of personally identifiable information (PII); rolling attacks upon equity exchanges and alternative trading systems that disrupted equity trading without forcing a close; and a failure of the overnight settlement process at a clearinghouse.
SIRMA’s report on the exercise makes recommendations for enhancing industry cyber security processes, including: enhancing executive leadership involvement in the response, recovery, and decision making protocols; and creating integrated cyber incident response teams at firms comprised of representatives from internal information security, technology, business functions, and necessary third parties.
The SIFMA report also recommends enhancing the role of market utilities in the early detection of, and response to, a systemic crisis. As well, the SIFMA report calls for strengthened communication with regulators and government agencies, promoting standards and processes to allow market participants to share various cyber-attack information, and defining thresholds and criteria for when institutions should engage with government agencies/regulators, and vice versa, during an incident.
“We are encouraged by the industry’s progress in cyber security preparedness and response since the 2013 Quantum Dawn 2 exercise, yet we know that this work is never done. The After-Action report findings highlight the importance of enhanced information sharing and co-ordination among the public and private sectors in mitigating threats,” said Kenneth Bentsen, Jr., president and CEO of SIFMA.
The report was developed by Deloitte Advisory Cyber Risk Services, which was hired to serve as an objective observer of the exercise and assist in making recommendations for enhancing the financial services sector’s protocols for responding to a large-scale cyber attack.
“The importance of preparing for a systemic cyberattack cannot be understated. When a company is faced with a cyber incident, the impact can be very serious; but it’s important, especially in critical infrastructure sectors like financial services, to recognize that attacks may not be isolated to one organization. That’s why testing cyber security, vigilance, and resilience across the sector is essential,” said Ed Powers, U.S. Leader for Deloitte Advisory Cyber Risk Services.