Senior Wall Street executives have outlined for Congress unprecedented security measures that continue to be revised and improved to withstand what the government fears is an ongoing effort by al-Qaeda to disrupt the US economy.
Appearing at a House Financial Services committee hearing, senior government officials and executives from key financial institutions in lower Manhattan described in startling detail the efforts that continue to go into bolstering physical and cyber security for the nation's critical financial trading systems.
The Department of Homeland Security raised the terrorist threat level to Code Orange on 1 August for financial companies in New York, New Jersey and Washington.
Since the 9/11 attacks, the New York Stock Exchange has spent more than $100m (£56m) to bolster physical and cyber security and improve redundancy and business continuity, said Robert G Britz, president and co-chief operating officer of the NYSE.
Among the improvements are:
- A new contingency trading floor
- An expansion of the emergency command centre operated by Securities Industry Automation (SIAC)
- A remote network operations centre
- An ongoing effort to establish a remote national market system datacentre, and
- Modifications allowing trading systems to accept four-character symbols, thereby providing backup for the Nasdaq stock market.
The most far-reaching security precautions, however, were undertaken in the area of physical security for both key personnel and critical datacentres, said Britz.
In addition to mandating that a certain percentage of personnel work off-site at any given time, the NYSE has worked with New York City officials to reroute bus traffic around its datacentres, hired a 24-hour New York Police Department security detail for all datacentres and deployed a geographically dispersed fibre-optic routing backbone.
That backbone would allow equity brokers to maintain connections to the markets in the event of another 9/11-type of attack. Called the Secure Financial Transaction Infrastructure (SFTI), it connects more than 600 financial services firms.
SFTI is a private extranet that provides continuous telecommunications and a secure means of connecting to trading, clearing and settlement, market data distribution and other SIAC services, Britz said.
Instead of running circuits directly to SIAC, users connect to multiple access centres via their carrier of choice, eliminating the need to rely on a single telecommunications route, he said
All of SFTI's equipment, connections, power supplies, network links and access centres are redundant, and its architecture features independent, self-healing fibre-optic rings making it independent of all other telecommunications circuits and conduits, according to Britz.
"Therefore, even if one SFTI fibre pathway is compromised, financial data traffic will continue to move uninterrupted along another pathway, improving the industry's protection against possible threats," Britz said.
The NYSE and SIAC also recently completed work on a remote network operations centre (RNOC) that Britz said will be in operation by the fourth quarter of this year. The RNOC will allow NYSE officials to monitor and operate the datacentres and will support the SFTI network as well as the computer systems comprising the Intermarket Trading System, the Consolidated Trade System, the Consolidated Quotation System and the Options Price Reporting Authority.
SIAC is also building a remote datacentre that will be in operation by the second quarter of 2005 and will support of the Consolidated Tape and Consolidated Quotation (CT/CQ) systems and the Options Price Reporting Authority.
John R Mohr, executive vice-president of global payment systems firm The Clearing House Association (TCH), said his firm hired a contractor to conduct both physical and cyber penetration tests. As a result of those tests, TCH reconfigured one of its key facilities, implemented biometric access-control systems and "all but eliminated visitor access to our operating centres".
TCH also developed a tertiary datacentre in a remote region of the country that is fully equipped to take over operation of its Clearing House Interbank Payments System (CHIPS) within an hour of a simultaneous failure of the other two CHIPS datacentres, said Mohr.
Using custom mirroring software specially developed by TCH, CHIPS was able to overcome distance limitations of synchronous mirroring technology and achieve recovery times consistent with synchronous mirror sites, he said.
Samuel H Gaer, CIO of the New York Mercantile Exchange, said all essential employees at his organisation have been issued cell phones with two-way radio capability. They also have portable two-way e-mail devices - some of which can be used to make emergency phone calls - and laptops with remote connection software and cellular modem cards to wirelessly connect to exchange system resources anywhere cellular coverage is available.
Despite these efforts to bolster physical security and network redundancy, Wayne A Abernathy, assistant Treasury secretary for financial institutions, warned Congress that the financial sector is under constant electronic assault by both organised crime and unknown entities.
"These assaults have progressed from computer hackers and pranksters into theft and now, we believe, on to schemes to disrupt the operations of our financial systems," he said. "Some of these attacks have their sources in organised crime and we believe that, increasingly, still more sinister actors are involved. The threat is not theoretical."
Dan Verton writes for Computerworld