This week, the Securities Industry and Financial Markets Association, or SIFMA, held the fifth in a series of exercises meant to simulate a catastrophic cybersecurity event in the banking sector, known as "Quantum Dawn."
The exercise offers an important yearly insight into what the financial services industry sees as its biggest risks and how it envisions a major cyber disaster unfolding.
This year was the first Quantum Dawn exercise that incorporated participants from outside the U.S., including Europe and Asia. The scenario was a targeted ransomware attack with impacts on major banks across the globe, starting with the U.S. and moving across Asia and the U.K.
Ransomware has caused significant issues to major corporations, notably with two major attacks in 2017 known as WannaCry and NotPetya. The fictional scenario outlined by SIFMA highlights what would happen if such an incident targeted the biggest financial institutions, taking critical parts of the global financial system offline.
Around 800 participants from large banks, regulators and other financial firms from 12 countries joined the simulated cyberattack by conference call starting at 7 a.m. Thursday, said Thomas Price, a managing director at SIFMA. Other organizations established to share cyberthreat information also participated, including SIFMA's counterparts in Asia and Europe.
The fictional event centered around a big unnamed U.S. company — one of the "systemically important financial institutions" designated as "too big to fail" by regulators. After the close of the stock market, the institution was attacked by malicious ransomware and knocked offline, Price said. The initial scenario was followed by a number of questions and discussion of rules around public disclosure of the incident and how the wider financial industry would coordinate and share information, he said.
While the U.S. scrambled to deal with the first big outage, the same disruptive malware picked off another huge institution, in Asia, also taking it offline.
Then a third institution, in the U.K., was hit.
At this point, Price said, "This scenario is impacting major institutions across the globe. Markets are highly volatile. So how do we respond to it?" Price said representatives from the Bank of England and the U.K.'s Treasury participated in describing their role in the escalating, global attack.
The scenario ended with the ransomware migrating back to the U.S., where it impacted a financial market utility — one of the organizations responsible for facilitating payment and settlement activity in the U.S. Here, the participants described how mitigation efforts could help keep funds flowing and accounts settling.
Despite the imagined technical nature of a rapidly accelerating financial cyberattack, Price said participants were primarily focused on communications. This included how those companies communicate internally to their own executives and employees and externally to their clients, he said.
SIFMA will work with Protiviti, a risk and compliance consulting firm, to see how the participating organizations performed. They expect to publish a public report with observations and recommendations on closing any gaps discovered during the event.