Nasdaq, other global exchanges to collaborate on cybersecurity
World Federation of Exchanges creates working group to address cyberthreats against capital markets
CareerJournal - The World Federation of Exchanges, a trade group representing 57 stock, futures and options exchanges around the world, has established an international committee to collaborate on cybersecurity best practices for global capital markets.
The WFE's Cyber Security Working Group, announced Thursday, expects to bring together security executives from some of the world's largest exchanges. They will collaborate on a communication framework for sharing threat intelligence and information on attack trends, attack mitigation, security best practices, standards and technologies.
Founding members of the group include Nasdaq OMX, the New York Stock Exchange, Toronto Stock Exchange, Germany's Deutsche Boerse, Saudi Stock Exchange, Singapore Exchange and BM&FBOVESPA of Brazil.
In terms of scope and goals, the working group will be similar to the Financial Services Information Sharing and Analysis Center (FS-ISAC) that serves as a clearinghouse of cyber threat information for the U.S. financial services community.
The WFE's initiative comes at a time of heightened concerns about cyberthreats against the major exchanges. In a survey report released in July by the WFE, more than half of all exchanges said they had suffered a cyberattack during the last 12 months. The most common attacks reported were Distributed Denial of Service attacks designed to disrupt services rather than to cause financial harm.
Nearly nine out of 10 respondents described cyberattacks as a systemic risk to their operations.
Nasdaq suffered a glitch earlier this year that resulted in an unprecedented trading halt for several hours. Though the issue was later traced to a connectivity problem between an exchange participant and Nasdaq's Securities Industry Processor (SIP) system, it served as a reminder of the havoc a cyberattack could wreak.
Initially, the working group will focus on establishing communication channels and building trust among the various members, said Mark Graff, Nasdaq's chief information security officer and chairman of the working group. Members will work on the mechanics of sharing threat information with each other in a way that does not trigger anti-trust issues, break confidentiality rules, or violate regulatory controls.
Over time, the group hopes to develop countermeasures for dealing with internal and external cyberthreats on an international scale. In addition, it plans to engage with regulators and policy makers in different countries and see how best to communicate industry concerns to them, he said.
"We want to exchange ideas on how to find a good way to explain to [international] regulators what we are doing," Graff said. "How do you explain threats and vulnerabilities to regulators? Has anyone found metrics that we can present to them?"
Graff, a former security executive at the Lawrence Livermore National Laboratory and before that the U.S. Department of Defense, took over as Nasdaq CISO about 18 months ago and immediately noticed how difficult it was to connect with counterparts in other countries.
"When I took the job at Nasdaq, I found it was easy to connect with people within the [U.S.] financial community," Graff said. "But I just couldn't see who my opposite numbers were in exchanges overseas."
So over the past several months, Graff, along with WFE members and Nasdaq staff, worked on compiling a list of security executives from global exchanges. In October, Nasdaq convened a meeting of security executives from 12 large exchanges around the world to study the idea of a global working group on cybersecurity. That led to the creation of the Cyber Security Working Group.
"I have found in my years in the business it is extremely effective to have established channels of communications with colleagues in other corporations," Graff said. "It's important to develop a relationship and build trust, so if a crisis develops we have effective communication channels," for sharing information, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is firstname.lastname@example.org.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Something-something “LASER” something-something-something.
The MtGox Bitcoin exchange is bankrupt. Not a huge surprise, but insiders are also alleging chronic incompetence within the company, flowing from the CEO, Mark Karpeles. Supposed hackers have also leaked some PHP code that appears to substantiate those allegations. But could it all be an elaborate ruse to steal customers'
MtGox Co., Ltd. is now aiming for "civil rehabilitation" in a Tokyo District Court (similar to Chapter 11 bankruptcy protection in the U.S.).
In IT Blogwatch, bloggers release the frickin’ ill-tempered, mutated sea bass.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Accelerating Speed to Market in the Highly Competitive Automotive Industry
- This White Paper discusses how an Enterprise Project Portfolio Management solution optimizes project analysis, management, reporting and risk mitigation processes to accelerate new...
- ERP in the Cloud and the Modern Business
- View IDC's White Paper, to review IDC CloudTrack Survey findings, gain expert insight into the challenges and opportunities the cloud presents, and determine...
- Financial Security: What smaller Institutions can learn from DDoS attacks on big banks
- Since last fall, several waves of distributed denial of service (DDoS) attacks have targeted major players in the U.S. banking industry. JPMorgan Chase,...
- Red Hat Enterprise Linux - The Original Cloud Operating System
- Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
All Financial IT White Papers
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- All Financial IT Webcasts