Sifma is staging a mock cyberattack on Wall Street in order to test the financial system’s resiliency.
The exercise, called Quantum Dawn 2, will take place on June 28 during normal trading hours. Up to 60 participating institutions, emphasizing small and medium-sized firms in addition to larger broker-dealers, clearing firms and exchanges, will participate in the exercise, which is intended to test incident response, resolution and coordination processes for the financial services sector as a whole and individual firms to a Street-wide cyberattack.
This is the second such exercise to be conducted. The first, called Quantum Dawn, was held in 2011, and tested risk practices across equities clearing and trading processes in response to infrastructure disruption, allowing from to exerciser their internal incident response plans.
“Building on the success of this exercise and the increasing threat posed to the sector by a coordinated, large scale cyberattack, we have decide to organize and coordinate a second generation cyber disruption called Quantum Dawn,” Sifma said in a statement.
The exercise will build on the lessons learned from the previous exercise as well as a second-generation version of the exercise tool called the Distributed Environment for Critical Infrastructure Decision-making Exercise-Finance Sector (Decide-FS).
There will be a significant number of enhancements within the software package focused on increasing the “fog of war” within the scenario and decision tension between the need to uncover the root cause of a disruption and the competing need to solve a problem and restore customer confidence quickly.
The continuing evolution of the securities markets to where they have become almost entirely electronic and highly dependent on sophisticated trading and other technology has resulted in several highly-publicized incidents.
The SEC’s proposed Regulation SCI (Systems Compliance and Integrity) is designed to ensure that core technology of national securities exchanges, alternative trading systems, clearing agencies, and plan processors meet certain standards and that these entities conduct business continuity testing with their members and participants.
In Canada, National Instrument 23-103 requires market participants who enter orders electronically to maintain policies, procedures and controls to manage the risks associated with electronic trading.
The Investment Industry Regulatory Organization of Canada had given firms until May 31, 2013 to compete testing and fully implement automated controls under NI 23-103, which went into effect on March 1.
“Compliance requires the consolidation of real-time trading flows across many different trading technologies,” said Anthony Masso, CEO of Succession Systems. “A broker may have several different trading systems and the market access risk system must adapt to all the platforms in use by clients.”
The Succession Systems product, named TripleCheck, consolidates, controls and reports on the trade flow emanating from third party trading platforms, direct market access routers, and co-located proprietary servers.
In addition, real time market access risk systems should operate at the highest speeds possible to avoid adding delays. “The TripleCheck dashboard allows the compliance teams to see every trade -- nothing is missed,” said Masso. “We tune the implementation to scan the orders in nanoseconds.”