Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities. October 21, 2013



Similar documents
Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015

Into the cybersecurity breach

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

Cybersecurity The role of Internal Audit

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Conducting due diligence and managing cybersecurity in medical technology investments

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

Key Cyber Risks at the ERP Level

Above My Pay Grade: Incident Response at the National Level

A Crisis Response, Information Sharing View of FFIEC Appendix J?

Business Continuity for Cyber Threat

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Testimony of John W. Carlson on behalf of the. The Financial Services Information Sharing & Analysis Center (FS-ISAC)

Bridging the data gap in the insurance industry. Cyber crisis management: Readiness, response, and recovery

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Cyber-Security: Proactively managing the cyber threat landscape

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

FS-ISAC CHARLES BRETZ

Cybersecurity Issues for Community Banks

Answering your cybersecurity questions The need for continued action

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action

Mary E. Galligan Director Deloitte & Touche LLP August 4, 2015

Extending Security Analytics to support Operational Efficiency. John A. Greco Deloitte & Touche LLP Cyber Risk Services

Sustainability Analytics The three-minute guide

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

Waking Shark II Desktop Cyber Exercise

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations

Risk Considerations for Internal Audit

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Business Continuity at CME Group

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

Big data The three-minute guide

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

December 13, Submitted via to

Protecting your business from fraud

Protecting against cyber threats and security breaches

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE ( ) ON THIRD PARTY RELATIONSHIPS

An Overview of Large US Military Cybersecurity Organizations

Cybersecurity Awareness. Part 2

Preventing and Defending Against Cyber Attacks November 2010

September 20, 2013 Senior IT Examiner Gene Lilienthal

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium

CYBERSPACE SECURITY CONTINUUM

Portal Storm: A Cyber/Business Continuity Exercise. Cyber Security Initiatives

Integrating Pandemic Readiness into Your Organization's Resiliency Model.

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

Banking and Finance Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Addressing Dynamic Threats to the Electric Power Grid Through Resilience

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Responses: Only a 0% Only b 100% Both a and b 0% Neither a nor b 0%

FINRA Publishes its 2015 Report on Cybersecurity Practices

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries

PROPOSED INTERPRETIVE NOTICE

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Preventing and Defending Against Cyber Attacks June 2011

ICBA Summary of FFIEC Cybersecurity Assessment Tool

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

v. 03/03/2015 Page ii

Testimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations.

I N T E L L I G E N C E A S S E S S M E N T

The Danish Cyber and Information Security Strategy

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Auto insurance telematics The three-minute guide

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Security Evolved

Analytics for Shared Services The three-minute guide

Transcription:

Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities October 21, 2013

Table of contents Background 2 Exercise objectives 3 QD2 cyber-attack scenario 4 QD2 yielded many positive results 6 Recommendations 7 Acknowledgements 8 1

Background Throughout 2013, a number of high-profile media reports have called attention to the growing threat of cyber-attacks against our country and especially our critical infrastructure. Cyber-attacks often have little forewarning and can happen rapidly or over a period of time, requiring the financial services sector (the sector ) to be vigilant and ready to respond. On July 18, 2013, the financial services sector set out to exercise its capabilities to respond to a wide-scale cyber-attack. The Quantum Dawn 2 cyber-exercise ( QD2 or exercise or simulation ), hosted by the Securities Industry and Financial Markets Association ( SIFMA ), represented the next step in the continuing effort by the sector to improve its ability to coordinate and respond to a systemic cyber-attack. Deloitte joined with SIFMA to serve as objective observers of the simulation and to assist in the preparation of this after-action report ( AAR ) to identify ways to improve sector-wide responses to cyber events. As used in this document, Deloitte means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. 2

Exercise objectives QD2 was a six-hour exercise simulating multiple trading days. Goals of the exercise, as defined by SIFMA, were as follows: Rehearse crisis management plans and mitigation strategies in response to cyber-attack scenarios and exercise business continuity and information security practices as an industry. Exercise the market response committee s decision making in the event of a cyber-attack. Stress the market sufficiently to test when the decision to close would be made. Simulate the loss of critical infrastructure within the financial services industry. Reexamine a revised sector-wide incident response flow (from QD1 after-action report). Develop an understanding of the operational readiness of the industry to open and function after an attack. 3

QD2 cyber-attack scenario The exercise scenario included multiple attack vectors originating from both external sources and malicious insiders. Motives for the attacks included the desire to steal large amounts of money, disrupt the equities market, and degrade a firm s post-trade processing capability. 1. 2. 3. 4. 5. 6. 7. Creation of an automatic sell-off in target stocks by using stolen administrator accounts Introduction of counterfeit and malicious telecommunication equipment to divert attention and slow the investigation into the automatic sell-off Substantiation of the price drop by issuing fraudulent press releases on target stocks Disruption of governmental websites and services through a distributed denial of service ( DDOS ) attack Corruption of the source code of a financial application widely used in the equities market Degradation of the credibility of an industry group by sending a phishing email to harvest user names and passwords and submitting false information on the attack Disruption of technology service by unleashing a custom virus with the goal of degrading post-trade processing 4

QD2 cyber-attack scenario (continued) The attack vectors described directly affected market performance and were intentionally designed to force the decision to close the market by the end of the exercise. The screen capture below from the first day in the simulated environment shows how the introduction of attack vectors impacted the market. A visible drop in the market index shows reaction of the markets and the ensuing crisis that could happen in a real-world scenario. 5

QD2 yielded many positive results The simulation brought together key members of business, operations, technology, security, and crisis management teams, allowing them to escalate and respond to cyber-attack scenarios effectively. The ongoing public-private partnership between the sector and various government and regulatory agencies that play a critical role in protecting the markets and investor confidence was furthered. As the incident unfolded, the Financial Services Information Sharing and Analysis Center (FS-ISAC), SIFMA, and market participants executed on the core components of the incident command structure as defined in the FS-ISAC crisis management playbook and other relevant protocols, including the formation of various committees and forums to support the sector. The role of the exchanges and clearinghouses as the hubs of information gathering and sharing was highlighted. Strong coordination between SIFMA and various FS-ISAC committees was evident. The Market Response Committee protocol was executed and was able to reach the decision to close the markets. The QD2 exercise successfully tested many of the processes and protocols that the industry has worked over the years to implement for incident response and crisis management. It raised awareness among industry participants about working together in a coordinated manner to address systemic risk issues. 6

Recommendations While the exercise yielded many positive results, it also identified opportunities to improve incident response and crisis management procedures and strengthen coordination among the industry participants. Sector-wide incident command structure and processes: Enhance the existing sector response playbook to better account for a securities industry specific incident with the goal of strengthening the integration between industry groups, market participants, and government agencies. Improve coordination between business and technology leaders during cyber incident analysis and response. Enhance the role of exchanges, clearing firms, and trusted government partners in cyber incident response and crisis management. Increase awareness about government resources available to assist the sector. Systemic risk assessment and decision process: Augment existing guidelines and decision frameworks to determine if cyber incidents are systemic in nature. Invest in next-generation capabilities to support systemic risk analytics, information sharing, and crisis management. Communication and information sharing: Institutionalize procedures for the market open/close decisions during times of cyber incident response and crises. Enhance protocols to promote increased communication and information sharing among market participants. Formalize public awareness and communications strategies with a view to promote trust and confidence in the markets. 7

Acknowledgements Participating financial institutions and associations Federal contributors U.S Department of Treasury, U.S Securities & Exchange Commission (SEC), Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) Industry groups Securities Industry and Financial Markets Association (SIFMA); Financial Services Information Sharing and Analysis Center (FS-ISAC); Financial Services Sector Coordinating Council (FSSCC); Financial and Banking Information Infrastructure Committee (FBIIC); BITS - Financial Services Roundtable and Chicago First QD2 was designed by Norwich University Applied Research Institutes 8

Contact information Karl Schimmeck Vice President SIFMA +1 212 313 1183 kschimmeck@sifma.org Thomas Price Managing Director SIFMA +1 212 313 1260 tprice@sifma.org SIFMA brings together the shared interests of hundreds of securities firms, banks, and asset managers. These companies are engaged in communities across the country to raise capital for businesses, promote job creation, and lead economic growth. Edward W. Powers National Managing Principal Deloitte & Touche LLP + 1 212 436 5599 epowers@deloitte.com Walter Hoogmoed Principal Deloitte & Touche LLP +1 973 602 5840 whoogmoed@deloitte.com Vikram Bhat Principal Deloitte & Touche LLP +1 973 602 4270 vbhat@deloitte.com Deloitte s Security & Privacy practice assists many of the world s leading organizations to be secure, vigilant, and resilient in the face of cyber threats. http://www.sifma.org/services/bcp/cyber-exercise---quantum-dawn-2/ 9

This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this document.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information