The World Federation of Exchanges has announced the creation of a cyber security committee for the purposes of defending global capital exchange markets.
This committee, led by Mark Graff, Chief Information Security Officer (CISO) at Nasdaq, will partner with third-party actors in an attempt to build trust and facilitate communication within global markets.
But this development belies an important point: experts in both the financial and IT fields have been asking that the WFE form such a committee for months, if not years.
In these individuals’ minds, a cyber security committee is necessary because financial organizations are too tempting and easy of cyber targets. Unlike a few years ago, cyber weapons and ideology closely interact in today’s strategic environment. This means that hackers can attack global markets for ideological purposes, such as to deal a symbolic blow against the capitalist system, or to make others hacker groups appreciate their malicious cyber expertise. This is especially concerning given the proliferation of cyber tools that hackers can use to accomplish nefarious purposes in cyberspace, not to mention the abundance of support-providing organizations hackers can use to infiltrate targets such as the New York Stock Exchange.
As of late-2013, no cyber attacks have directly affected trading. However, that is not to say financial organizations are safe. In January of 2012, the pro-Palestinian cyber group called “Nightmare” infiltrated Israel’s stock exchange and caused its website to malfunction. This demonstrates that websites of global capital exchanges can be attacked, and with the changing nature of cyber attacks’ complexity, frequency, motives, and range of actors involved, it is not long until one group of hackers might dare to be the first ones to interrupt actual transactions and manipulate money accounts.
This announcement comes on the heels of Quantum Dawn 2, an exercise back in September during which ethical “white hat” hackers attacked more than 50 financial services entities in the United States. Much was learned about these organizations’ response capabilities, and while much of the sector’s structural safeguards worked, one weakness became abundantly clear: organizations in the financial services sector do not share information, neither with the government nor with each other.
Members in Congress realize this and have therefore drafted a bill that would expand the public-private model as it relates to cyber security. However, if the past years are any indication, this bill will probably not pass.
A cyber attack that could interrupt transactions would be devastating to the financial services sector: investors would lose faith in the market, which would permeate to local markets and adversely affect state economies. In order to avoid crises such as this, global capital markets need to begin communicating with one another, even in the absence of government leadership. And the WFE cyber committee is a good way to start.
Name: David Bisson
Twitter Handle: @DMBisson
Area of Expertise:
David specializes in cyber security as it relates to U.S. national security and to American military and strategic culture.
Professional Biography:
David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation. He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern. Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.