A May 31st story in The Wall Street Journal focuses on how the Pentagon now considers another country’s cyber attacks upon key US systems such as power grids, subways, nuclear reactors and financial markets as acts of war, requiring a traditional military response. This is a big step forward because it’s an acknowledgment of the seriousness of these threats.
Among the examples cited in the WSJ story is an August 2008 attack on the websites of Georgian government agencies and financial institutions during the brief war between Russia and Georgia. In May 2007, there was a cyber attack on Estonian banking and government websites that did a lot of damage because Estonia has a greater dependence on online banking services.
But, we don’t have to look far for examples of hackers taking on Wall Street.
In early February, the Nasdaq OMX Group went public about hackers that had broken into its network and infected the Directors Desk service. The service facilitates the storage and exchange of documents among 300 or so company boards. The hackers did not get as far as Nasdaq OMX’s transaction platforms and did not reach customer information.
Hackers had repeatedly broken into the system over the course of a year prompting the FBI to lead an investigation originally started by the US Secret Service. At the time, the WSJ reported that investigators were mulling motives such as illegal financial gain, the stealing of trade secrets and “a national-security threat designed to damage the exchange.” The WSJ also quoted an expert who said that ultimately hackers are looking beyond exchanges to major financial services firms. The National Security Agency (NSA) has also been brought in to review the situation, prompting industry observers to wonder if the exchange had suffered a state-sponsored attack, according to subsequent media reports.
Since the Nasdaq story broke, the Deutsche Börse merger with NYSE Euronext has advanced—a sign that global electronic markets are becoming even more tightly interconnected, making physical boundaries virtually meaningless. While there will be many benefits to come from the merger, the stakes are higher—from a cyber security point of view—because so much more could be brought down by a successful cyber attack.
The government, exchanges and institutions face great challenges as they attempt to prevent debilitating cyber attacks. Narrowing down the source of a major cyber attack, for instance, will always be difficult, especially if a savvy government or group is behind it.
Yet it’s encouraging that US government is taking the cyber attack threat seriously. Let’s hope the Pentagon and the feds are not too late to the game.
Need a Reprint?
Leave a Reply