For Wall Street, 9/11 lessons three years in the making

Computerworld - WASHINGTON -- With the third anniversary of the Sept. 11, 2001, terrorist attacks approaching this weekend, senior Wall Street executives today outlined for Congress unprecedented security measures that continue to be revised and improved to withstand what the government fears is an ongoing effort by al-Qaeda to disrupt the U.S. economy.
Appearing at a House Financial Services committee hearing today, senior government officials and executives from key financial institutions in lower Manhattan described in startling detail the efforts that continue to go into bolstering physical and cyber security for the nation's critical financial trading systems. The Department of Homeland Security raised the terrorist threat level to Code Orange on Aug. 1 for financial companies in New York, New Jersey and Washington.
Since the 9/11 attacks, the New York Stock Exchange has spent more than $100 million to bolster physical and cyber security and improve redundancy and business continuity, said Robert G. Britz, president and co-chief operating officer of the NYSE.
Among the improvements are a new contingency trading floor, an expansion of the emergency command center operated by Securities Industry Automation Corp. (SIAC), a remote network operations center, an ongoing effort to establish a remote national market system data center, and modifications allowing trading systems to accept four-character symbols, thereby providing backup for the Nasdaq stock market.
The most far-reaching security precautions, however, were undertaken in the area of physical security for both key personnel and critical data centers, said Britz. In addition to mandating that a certain percentage of personnel work off-site at any given time, the NYSE has worked with New York City officials to reroute bus traffic around its data centers, hired a 24-hour New York Police Department security detail for all data centers and deployed a geographically dispersed fiber-optic routing backbone. That backbone would allow equity brokers to maintain connections to the markets in the event of another 9/11-type of attack. Called the Secure Financial Transaction Infrastructure (SFTI), it connects more than 600 financial services firms.
Pronounced "safety," SFTI is a private extranet that provides continuous telecommunications and a secure means of connecting to trading, clearing and settlement, market data distribution and other SIAC services, Britz said. Instead of running circuits directly to SIAC, users connect to multiple access centers via their carrier of choice, eliminating the need to rely on a single telecommunications route, he said
All of SFTI's equipment, connections, power supplies, network links and access centers are redundant, and its architecture features independent, self-healing fiber-optic rings making it independent of all other telecommunications