Lessons from Quantum Dawn: the biennial US financial sector cyber security exercise

Published: Thursday, 07 April 2022 07:48

SIFMA has released a summary of key recommendations from its biennial Quantum Dawn cyber security exercise, which was conducted in November 2021. This event enabled financial firms, central banks, regulatory authorities, trade associations, law enforcement and information sharing organizations around the world to rehearse incident response protocols, both internally and across the sector, against a broad range of significant ransomware attacks targeting the financial sector.

Participants included over 1,000 representatives from 240 public and private sector institutions, including financial firms, central banks, regulators, and law enforcement entities, across more than 20 countries around the world.

“A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing,” said Kenneth E. Bentsen, Jr., SIFMA president and CEO. “No single actor — not the federal government, nor any individual firm — has the resources to protect markets from cyber threats on their own. Firms should also continually exercise their crisis management, incident response, and data recovery plans to ensure rapid response and recovery from ransomware or other types of cyber-attacks.”

Along with SIFMA, global consulting firm Protiviti helped organize the simulation and prepare the After-Action Report, whose recommendations are aimed at helping the sector strengthen its readiness to defend critical financial services infrastructure against an array of cyberattacks and extreme scenarios.

Those recommendations include:

Make critical investments in capabilities
Institutions should continue to invest in robust ransomware recovery and cyber, business continuity and information technology incident response plans and strengthen these plans based on frequent exercises and tests.

Create alternate communication channels for worst-case scenarios
In the event a regulatory authority is impacted by a ransomware event and goes offline, firms should have processes in place to use alternate communications channels.

Beware: Ransom payments may not lead to data recovery
SIFMA does not recommend paying a ransom. Executives need to carefully consider the realities of taking such actions, including the possibility that they still may not recover stolen data.

Join global directory of critical stakeholders
Financial firms are strongly encouraged to join SIFMA’s Global Directory of critical stakeholders. This directory was created to identify critical public and private sector organizations and key contacts that play a role in crisis management and global information sharing.

Follow best practices
