Lessons from a Wargame: SIFMA Shares Quantum Dawn 2 Results
The Securities Industry and Financial Markets Association's wide-scale cyberattack simulation was a big success and yielded important lessons for the financial sector.
The results of one of the most interesting industry-led cybersecurity exercises of the past year are in. And now it’s time to apply the lessons learned.
The Securities Industry and Financial Markets Association (SIFMA) put on “Quantum Dawn 2,” a mass-infrastructure stress test of the financial industry’s many moving parts, to give its member companies some real-world training in the case of a catastrophic hacking incident.
About the test: The test, which took place in July, was the sequel to a 2011 test that was smaller and more centralized. This year’s SIFMA exercise had a more realistic setting, with 50 companies involved and 500 people taking part out from their actual offices.
How it went over: The association and its members were largely pleased with the results of the exercise, with many saying it succeeded in realistically simulating a cyber attack. “For a simulation, it did a very good job of creating the sense of urgency that you’d expect to see in a real-world cyber attack,” said Deloitte & Touche’s Ed Powers, who manages his agency’s security and privacy practice, to Reuters. The marketing of the test played a big part in attracting participants, with the movie-inspired name (riffing off one from the Twilight series) drawing in firms intrigued by the action-film-styled premise.
What can be learned? The cybersecurity test exposed a number of opportunities to improve collaboration, preparedness, and overall process, according to a report SIFMA released last week [PDF]. Among potential improvements, SIFMA cited investing in new technologies for risk analysis and crisis management and increasing government involvement. “Quantum Dawn 2 proved that information sharing between the private sector and the government is one of the most effective ways to combat cyber crime,” SIFMA CEO Judd Gregg, the former New Hampshire senator, said in a press release. “We hope this exercise will encourage Congress to pass legislation that promotes this sharing and other activities that will help our country more effectively mitigate cyber threats on the financial system.”
The association plans to put on a stress test of this scale every two years, with smaller tests in the interim.