The financial services industry can improve on its sector-wide incident command structure and processes, its systemic risk assessment and decision process, and its communication and information sharing, according to a report Deloitte & Touche issued after observing the mock cyber attack called Quantum Dawn 2, organized by the Securities Industry and Financial Markets Association (SIFMA) in July.
J.P. Morgan, Bank of America, NYSE Euronext and various federal agencies, such as the Federal Bureau of Investigation, collaborated on the exercise to identify and prevent the simulated cyber attacks.
“Quantum Dawn 2 demonstrated the industry’s resiliency when faced with serious cyber attacks that aimed to steal money, crash systems and disrupt equity market trading,” says Judd Gregg, SIFMA’s CEO. “We hope this exercise will encourage Congress to pass legislation that promotes this sharing and other activities that will help our country more effectively mitigate cyber threats on the financial system.”
Deloitte pinpointed three ways to improve sector-wide incident command structure. The first is focusing on enhancing the existing sector response playbook to account for a specific incident with the goal of strengthening the integration between industry groups, market participants and government agencies.
The second is to improve coordination between business and technology leaders during cyber incident analysis and response. The third is to enhance the role of exchanges, clearing firms and trusted government partners in cyber incident response and crisis management, and to increase awareness of the government resources available to assist the sector.
To improve systemic risk assessment and decision process, Deloitte recommended expanding current guidelines and decision frameworks to determine if cyber incidents are similar in nature, and supporting systemic risk analytics, information sharing and crisis management by investing in next-generation capabilities.
Deloitte also recommended establishing procedures for market opening and close decisions during cyber incident response and crises, enhancing protocols to promote increased communications and information sharing among market participants, and structuring awareness and communications strategies to promote trust and confidence.
“The financial industry should continue developing capabilities for detecting incidents when they occur, minimizing the impact on business and critical infrastructure, and tying these capabilities together in a comprehensive framework,” says Ed Powers, national managing partner of the security and privacy practice at Deloitte & Touche, in a release.
According to the report by Deloitte, the simulation included attacks from external sources and from within. The mock attack included selling off stocks by using a stolen administrator account and introducing counterfeit telecommunication equipment to divert attention from investigating the automatic selling.
The exercise also included issuing fake press releases on certain stocks to drop prices, using a distributed denial-of-service (DDoS) attack to disrupt government websites and corrupting source code used in financial applications. Other disruptions included unleashing a custom virus to degrade post-trading processing and sending phishing emails to get user names and passwords.