Why we need industry-wide Quantum Dawn cybersecurity scenarios
Ransomware can bring multinationals, and even entire cities, to their knees— the devastation caused by WannaCry and NotPetya is evidence of that, while more than a few examples this year demonstrate the scale and continuity of the problem.
But, what happens when key players of an entire industry are targeted at the same time?
The result could be service blackouts of unforeseen length, with a massive impact on economies and society as a result.
In what has been codenamed ‘Quantum Dawn’, the banking sector is drilling itself on how it can respond to catastrophic cybersecurity scenarios which could take critical parts of the global financial system offline.
Led by the Securities Industry and Financial Markets Association (SIFMA), the fifth run of Quantum Dawn saw 800 participants from 12 countries, including large banks and regulators, from across the financial industry take part.
According to CNBC, the fictional event saw a large unnamed US company designated by regulators as “too big to fail” knocked offline by malicious ransomware.
The object of the simulation was for members to share questions and discussion of the rules around public disclosure of the incident, and how the wider financial industry could coordinate and share information that would help to assuage the impact of the attack.
However, in the midst of the first attack, the same malware then hit another organization in Asia, then a third in the UK.
At the point, SIFMA said there is a real danger of the global financial market becoming unstable. The test is a chance for the finance sector to communicate and problem-solve, internally, between clients and other firms.
With the simulated attack returning once more to the US, taking out an organization facilitating payment and settlement activity, participants described how mitigation efforts could help keep funds flowing and accounts settling.
Following the drill of Quantum Dawn, SIFMA will work with risk and compliance consulting firm Protiviti to review how participants of the test performed.
Observations and recommendations will then be published in a report, to help members of the finance industry close security gaps, and provide advice on recommended protocol when an attack takes place.
It’s not just the financial industry that must undertake such preparations, though. ImmuniWeb’s founder and CEO, Ilia Kolochenko, told TechHQ the idea was “laudable”, and other countries and industries would inevitably follow the example.
YOU MIGHT LIKE
Are the ransomware floodgates open in the US?
Kolochenko also said that the economic damage caused by a widespread attack on the finance sector might pale in comparison to one that combines it with a goal of misinformation, urging the need for such simulations not to take place in industry isolation, but corroborate across sectors.
“A large-scale ransomware attack, even if well-prepared and aimed against major financial institutions, is much less perilous than a campaign simultaneously targeting market regulators, news agencies and law enforcement agencies,” he said.
“A true ‘Black Swan’ will likely breach a couple of reputable news agencies to spread explosive but fake news, then will corroborate them with a message from a couple of breached governmental websites such as SEC or DOJ and, finally, will paralyze major banks with ransomware to create a verisimilitude of a global collapse.
“Such an attack may be the disastrous end of a modern-day financial world that is unprecedently fragile,” Kolochenko continued.
“Therefore, it would be a good idea to consider and asses the risks imputed to trusted third-parties during the next exercise, making it multidimensional.”
15 November 2019
15 November 2019