Quantum Dawn 2 report reveals plot twists of high-action mock cyber attack
The after-action report of this summer's Quantum Dawn 2 simulated Wall Street cyber attack is out, revealing the multiple plot twists of the industry-wide simulation that did justice to the exercise's Hollywood-like name.
The July attack exercise began with an automatic sell-off of target stock by someone using a stolen administrator account, according to the report released by the Securities Industry and Financial Markets Association (SIFMA), which sponsored the exercise, and Deloitte & Touche, which served as an independent observer. Shortly after the first stage of the attack began, counterfeit and malicious telecommunications equipment diverted attention from the sell-off. Fake press releases on the target stocks then made it look like the price drops from the sell-off were substantiated. Several more issues ensued, including a distributed denial-of-service (DDoS) attack, corruption of the source code of a popular equities market application and the unleashing of a virus to disrupt post-trade processing.
The most dramatic outcome of the test was a shutdown of financial markets that had been deliberately planned into the scenario to test the industry's decision-making process regarding a market shutdown.
While most outcomes of the attack were positive, there were lessons learned in terms of improving communication and cooperation among industry players. In particular, guidelines for determining whether a cyber attack is systemic in nature could be improved, and it was suggested that the industry invest in next-generation systemic risk analytics. In addition, the report recommends that the industry institutionalize market open/close procedures and improve communication both to the public and among market players.
The exercise involved 500 people from 50 different entities, including Wall Street firms, exchanges, government agencies, clearing and settlement utilities, and industry groups.