ASX prepares itself for cyber warfare

The Australian Securities Exchange has undertaken its own "war games", simulating cyber-attacks as part of efforts over the past year to shore up its defences against a growing threat.

By InvestSMART · 24 Jul 2013

By InvestSMART ·
24 Jul 2013

Comments

The Australian Securities Exchange has undertaken its own "war games", simulating cyber-attacks as part of efforts over the past year to shore up its defences against a growing threat.

Efforts by the key markets operators to clamp down on high-tech crime come as more than half of world stockmarkets have revealed they have experienced a cyber-attack last year.

A research paper published by the World Federation of Exchanges and the International Organisation of Securities Commission found 53 per cent of exchanges - including the key global exchanges - suffered a cyber-attack last year.

ASX chief information officer Tim Thurman said Australia remained a relatively small target, with Asian and American exchanges more likely to experience attacks. However, Mr Thurman said that the ASX ran through cyber-attack scenarios in order to boost security.

Regulators around the world are stepping up warnings over the potential threat of cyber-crime on financial infrastructure. Fears of attacks range from markets and banking processes being shut down to the potential for share prices or other securities being manipulated.

According to the World Federation of Exchanges report, 80 per cent of large exchanges had experience a cyber-attack last year, compared with just under 28 per cent for small exchanges.

The report said that so far there was little evidence cyber-crime was having an impact on market integrity and efficiency.

"Exchanges tend to be victims of 'disruptive' forms of cyber-attack, rather than those executed for financial gain," it said.

The most common type of attack reported was a denial of service attack, which involves flooding a server with illegitimate communications requests in an effort to make it overload.

"Cyber-attacks against respondent exchanges are generally detected immediately. However, some respondents noted that detection times may lengthen when facing 'day zero' or unknown threats," the report said. The survey indicated that the cost of cyber-attacks were minimal, with all respondents indicating less than $US1 million ($1.1 million).

Some 89 per cent of exchanges surveyed said they viewed cyber-crime in equities markets as a potential systemic risk.

"Cyber-criminals now include sophisticated and well-resourced actors, undeterred by regulation, given the low likelihood of being caught. These actors are perpetrating attacks against securities markets with the motive of being disruptive and not just for immediate financial gain," the report said.

Last week in the US, key Wall Street players orchestrated a cyber-security exercise, testing 500 individuals and 50 banks and exchanges in a major simulated attempt to disrupt US equity markets. The move was designed to test crisis response procedures, information sharing and protocols relating to a systemic cyber-attack.

Go to Google News, then click "Follow" button to add us.

Share this article and show your support

Frequently Asked Questions about this Article…

What is the ASX doing to protect investors from cyber-attacks?

The ASX has been running its own “war games” and cyber-attack scenarios over the past year to shore up defences. ASX chief information officer Tim Thurman says these exercises help boost security by testing how the exchange would respond to different cyber threats.

How common are cyber-attacks on stock exchanges worldwide?

According to a World Federation of Exchanges and IOSCO research paper cited in the article, 53% of exchanges experienced a cyber-attack last year. The report found 80% of large exchanges and just under 28% of small exchanges had attacks.

What types of cyber-attacks target stock markets and exchanges?

The most common type reported was a denial-of-service (DDoS) attack, which floods a server with illegitimate requests to overload it. The report also notes that many attacks are disruptive in nature rather than executed primarily for immediate financial gain.

Do cyber-attacks on exchanges usually affect market integrity or investors' portfolios?

The report found little evidence so far that cyber-crime has had a material impact on market integrity and efficiency. However, regulators have warned about potential threats ranging from market shutdowns to possible manipulation of share prices, so exchanges and regulators are taking the risk seriously.

How quickly are cyber-attacks on exchanges detected and how costly are they?

Survey respondents said cyber-attacks are generally detected immediately, though detection can take longer for “day zero” or previously unknown threats. The exchanges that responded indicated the cost of attacks was under US$1 million (about $1.1 million) each.

Are global regulators and markets doing exercises to prepare for systemic cyber-attacks?

Yes. Regulators and market participants are stepping up warnings and preparedness. For example, a recent US industry exercise tested 500 people and 50 banks and exchanges to evaluate crisis response, information sharing and protocols during a simulated attempt to disrupt equity markets.

Should everyday investors be worried about cyber-crime creating systemic risk in equities markets?

Many exchanges view cyber-crime as a potential systemic risk—89% of respondents in the report said so. While there’s little evidence to date of major market disruption, investors should be aware that regulators and exchanges are preparing for the possibility of disruptive attacks.

Why do cyber-criminals target exchanges if not always for immediate financial gain?

The report notes that attackers now include sophisticated, well-resourced actors who are often motivated to be disruptive rather than simply to obtain immediate financial gain. Low likelihood of being caught and the potential to disrupt market infrastructure are cited as drivers for such attacks.