SIFMA’s After-Action Report on Quantum Dawn VI Cybersecurity Exercise

Burr & Forman

On March 31, 2022, the Securities Industry and Financial Markets Association (“SIFMA”) released its after-action report on Quantum Dawn VI – a global financial-markets cybersecurity exercise.

Quantum Dawn VI was conducted on November 18, 2021, with over 1,000 participants from 240 financial institutions and regulatory bodies representing 20 countries. The exercise simulated a large-scale ransomware attack by a state actor against major global financial institutions and regulators. The scenario was chosen, in part, based upon an observed 93% increase in ransomware attacks during June 2020 – 2021. SIFMA has conducted the Quantum Dawn exercises for the past 10 years.

Key Findings Among the Participants

  • Recovery plans are common;
  • Many exercise their incident response and recovery plans;
  • Most have critical data recovery capabilities;
  • Cybersecurity insurance is widespread; and,
  • Most have bare-metal restoration capabilities for critical functions.

Key Recommendations

  • Continue investing in cyber, business-continuity and incident-response planning and recovery capabilities.
  • Create alternate communication channels for worst-case scenarios.
  • Be aware that paying a ransom may not recover data. (Indeed, FinCEN and other anti-money-laundering agencies discourage ransom payments.)
  • Join with global stakeholders.
  • Follow best practices:
    a. Keep critical infrastructure off the public internet;
    b. Implement multi-factor authentication everywhere;
    c. Use Identity Governance & Administration to detect backdoor accounts;
    d. Use Privileged Account Management systems for extra defense;
    e. Isolate and disconnect infected machines immediately; and,
    f. Develop proactive threat hunting capabilities.

On March 15, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires the Cybersecurity and Infrastructure Security Agency (“CISA”) to implement rules requiring, among other things, reporting of incidents within 72 hours and of ransomware payments within 24 hours. That Act broadly mirrors similar rules recently proposed by the Securities and Exchange Commission (“SEC”). I covered the SEC’s proposal for public reporting companies in SEC Proposes Cybersecurity Disclosure Rule For Public Companies and for investment advisers and companies in SEC Proposes Cybersecurity Rule for Advisers, Investment Companies.

The After-Action Report comes even as Russia’s invasion of Ukraine has heightened cybersecurity threats. Just days earlier, the Biden Administration issued another warning about potential Russian cybersecurity threats in response to the imposition of additional economic sanctions. That March 21 release may be found here.

The After-Action Report is here.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
