Spotlight on: Cyber security

First Published in Automated Trader Magazine Issue 34 Q3 2014

Cyber security is one of the hottest topics in market surveillance, but what is the threat to the automated trading community? Experts and authorities are warning the financial industry to prepare for a reality of persistent cyber threats. Historically motivated by theft, cyber crime now also has an emerging and alarming political dimension.

Disruptive attacks on financial market infrastructures are on the up as hacktivists target large organisations such as stock exchanges and banks, or activities such as firms' credit card processing abilities.

So far such disruptions have not had a dramatic effect, said Mark Clancy, DTCC's managing director of technology risk management, partly because the vast majority of the global trading interconnections between traders, exchanges and clearing houses happen on private networks rather than the internet itself.

"In many cases there are (back-ups) that don't have internet dependency," Clancy said. "Projecting forward, you see a lot of economic pressures for people to use the internet as a transport mechanism."

This would open up the financial system to greater levels of risk. In 2012, "Shamoon" targeted Saudi Aramco, shutting down thousands of the oil firm's workstations. A group named "Cutting Sword of Justice" claimed responsibility. In 2013, South Korea was hit by "Operation Troy", which wiped the hard drives of thousands of computers in the banking and media industries.

"Those are the types of attacks that can affect market infrastructures, exchanges, trading venues and traders and could have significant impact on the operational risks of those institutions today," Clancy said.

Cyber security risk market place

The Index of Cyber Security provides an ongoing, methodologically transparent measure of the state of cybersecurity. It will directly assess the level of risk as perceived by practicing security professionals, communicate their combined opinion to the larger community and provide a baseline status against which other individual practitioners can compare their own views. The challenges being tackled are, first, how the index can be calculated in a credible way and, second, the specification for the securities that could be based on such an index and the design of the markets where these could be traded.

Going forward, the index will deliver consistent time series data useful to researchers, industry professionals, the media, security product vendors, and financial markets. The specification for securities that could be based on such an index and the design of the markets where these could be traded could become a future project.

Insider threat

Insider threats are numerically far less prominent than external attacks but can be far more harmful, according to Index of Cyber Security's July report. However, media attention to cybersecurity failure has never been more dangerous to organisations that have such failures. For those and other reasons, it is unlikely that there isn't under some sort of pressure or directive to change how organisations deter and/or contain insider threats.

Applying security updates to hosts in a timely way, restricting local administrative privileges on user machines, keeping malware definition files up-to-date, blocking ports that are not required, segmenting the network to keep sensitive data away from the DMZ (demilitarised zone) and user networks, blocking web surfing from servers or non-user devices, keeping users educated, hardening and monitoring domain controllers, and using inexpensive or open-source vulnerability scans can foil all but the most determined attackers. If application whitelisting is practical, that makes the task of the attackers even more difficult. In short, practitioners should take the message of keeping good hygiene to management, and stress that defense is far from a lost cause as many pundits would have people believe.

Source: Index of Cyber Security

Risky business

The motivations in play can be difficult to disentangle, but do tend to fall into four distinct groups: criminal, hacktivist, espionage and war-like. The financial system has been mostly concerned with protecting against criminal activity such as theft; protection against the other hazards is only just beginning.

"Hedge funds doing automated trading…have to be recognising that hacktivists, espionage, or war-like actors may decide that targeting an automated trading venue or trader might be the way to further their objective even if their motivation isn't to steal and that is something that the US financial infrastructure became very aware of in the last few years," he said.
