July 18, 2013
The financial industry takes the issue of cyber security very seriously and is proactively working to mitigate this threat. SIFMA is holding the Quantum Dawn 2 exercise to enable both individual firms and the sector as a whole to test their response plans in order to maintain effective and orderly markets and protect clients.
Broad participation is essential to maximizing the potential of the Quantum Dawn 2 program to inform best practices moving forward. Confirmed participants include financial firms of all sizes, as well as exchanges, the U.S. Treasury and the Department of Homeland Security. The number of participants to date is already more than double that of the Quantum Dawn 1 exercise that was held in 2011.
As many of our members are aware, in November of 2011 the Financial Services Sector Coordinating Council (FSSCC) hosted a market-wide cyber disruption exercise called Quantum Dawn. That event exercised risk practices across equities clearing and trading processes in response to infrastructure disruption, allowing firms to exercise their internal incident response plans in conjunction with each other, with the FSSCC, and with the FBIIC. The value of this type of exercise was clear to participants, and has since been reinforced by operational disruptions and incidents involving firms in markets both in the U.S. and overseas.
Building on the success of this exercise and the increasing threat posed to the sector by a coordinated, large scale cyber attack we have decided to organize and coordinate a second generation cyber disruption exercise called Quantum Dawn 2. This exercise will build on the lessons learned from the previous exercise as well as a second generation version of the exercise tool called the Distributed Environment for Critical Infrastructure Decision-making Exercises – Finance Sector (DECIDE-FS™). We expect this exercise to improve the readiness of sector as a whole to respond to a street-wide cyber attack and allow each participating firm to test their internal coordination mechanisms and processes to maintain business resiliency.