BreachExchange mailing list archives

Global Exchanges Forge Cyber Security Alliance Against Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 13 Dec 2013 00:23:28 -0700

http://www.foxbusiness.com/technology/2013/12/12/global-exchanges-unveil-security-alliance-against-hackers/

Under siege by hackers, global financial exchanges announced plans on
Thursday to team up by forming the industry’s first cyber security
commission aimed at protecting global capital markets.

Financial exchanges have giant cyber bull’s eyes on them as they represent
an opportunity for financially-motivated hackers and ideologically-driven
hacktivists alike.

Disrupting trading on a major exchange like the New York Stock Exchange
would mark a major coup for cyber actors. In a recent exercise, “white hat”
hackers looking to expose cyber vulnerabilities of the U.S. equity markets
were able to directly impact market performance.

Cyber security professionals said the committee announced on Thursday is
long overdue.

“It’s late 2013 and I’m surprised they haven’t done this already,” said
Skylar Rampersaud, senior security researcher at cyber security firm
Immunity. “If someone can really attack one of these exchanges, that’s
news. It would be an easy way for a group to get their name out there and
show they have an impact.”

The World Federation of Exchanges said the new cyber security committee
will identify and communicate global information security best practices in
an effort to protect market infrastructures.

Mark Graff, chief information security officer at Nasdaq OMX Group (NDAQ)
will serve as the committee’s inaugural chair, while the vice chair will be
Jerry Perullo, vice president of information security at
IntercontinentalExchange (ICE), which recently completed a buyout of NYSE.

WFE said the founding committee members feature a slew of major exchanges,
including the CME Group (CME), NYSE Euronext, the Toronto Stock Exchange,
the Australian Securities Exchange, the Depository Trust & Clearing Corp.
and the Saudi Stock Exchange.

"I'm proud to be working with an array of some of the brightest information
security officers who in the exchange industry around the world," Graff
said in a statement. "We are tasked with a significant goal: to build
universal best practices and partner with third-parties to combat systemic
cyber abuse to ensure the resiliency and strength of our capital markets."

WFE said the committee is also tasked with establishing a communication
framework “based on mutual trust,” facilitating information sharing and
enhancing dialogue with policy makers and regulators.

“People get touchy about sharing their data outside of the enterprise. It’s
helpful to have a formal way to do that so that people who are having more
success defending against attacks can help others doing the same job in
different places,” said Rampersaud.

Earlier this year, the International Organization of Securities Commissions
issued a report with WFE that revealed 53% of exchanges have suffered a
cyber attack in the last year. Attacks have focused on non-trading related
online services and websites and “have not come close to knocking out
critical systems or trading platforms,” the report found.

Still, some 89% of respondents in the survey agreed that cyber crime in
securities markets should be considered a “system risk.”

The Quantum Dawn 2 operation released in October took place over six hours
and simulated multiple trading days. The exercise, which involved more than
50 entities and 500 people in the financial services sector, highlighted
recent progress in the industry but also underscored lingering
vulnerabilities.