Successive U.S. administrations’ failure to stop al-Qaida helped facilitate the 9/11 attacks. Targeting the World Trade Center, the symbol of U.S. financial might, bin Laden intended to destroy the U.S. financial markets and its economy. He failed. The markets survived.
However, bin Laden’s and other Islamists’ calls to destroy the U.S. economy, along with rapidly evolving technology, left the financial markets vulnerable. Over the past 11 years, the U.S. failed to prepare for another major war – one that is already under way, yet rarely recognized: financial and economic warfare.
Cyber attacks have been the focus for some time. Between October 2011 and February 2012, more than 500,000 cyber attacks on U.S. government and private industry, including 86 attacks on “critical infrastructure networks,” were detected. However, a July 2012 report by the Bi-Partisan Task Force, headed by Gen. Michael Hayden, concluded that these represented “a small fraction of ‘virtual, network type’ attacks against the U.S.”
The U.S. financial industry, supposedly one of the most closely monitored sectors of our economy, remains susceptible to serious threats. Not all from the outside, either. While the streets will not be littered with bodies, when elements of our financial infrastructure – the monetary system, various exchanges – come under attack, the U.S. economy – and the world’s economy–could be severely damaged and millions of people devastated. Smaller attacks are already being carried out incrementally, yet rarely detected, periodically bleeding the market. The reaction, or lack thereof, leaves the stock market open to an overwhelming attack that is likely to leave the U.S. economy in dire straits for years.
Contributing factors to such threats include the opacity of the market, which is exacerbated by greed and rapidly evolving technologies. For example, Knight Capital’s software glitch last August has eroded confidence in the U.S equity market, according to a survey released by the TABB Group. However, there is much more at stake.
Consider May 6, 2010, when the U.S. stock market plunged about 1,000 points (9 percent). Although the market recovered most of those losses in minutes, the U.S. economy is still feeling the aftereffects. Two years later, while worried about a similar crash, the entire financial industry has yet to receive a cogent explanation of why and how this event occurred. A joint report by the Securities and Exchange Commission and the Commodity Futures Trading Commission did not rule out “terrorism” as a possible cause for the 2010 “flash crash.”
An exceedingly electronic-driven market system facilitates high frequency trading (HFT), which, by its very nature, is opaque, unregulated and misunderstood. Moreover, the current market structure’s deficient security leaves it vulnerable to attacks.
Compounding these threats is the Direct Market Access (DMA) – electronic trading facilities that allow investors to interact with the order book of an exchange – as it often is combined with proprietary algorithmic trading strategies.
Adding to market vulnerability are the large number of leading high-frequency programmers, who reside in such countries as Ukraine, Romania, India and the Philippines, and are not subject to proper background checks.
This opens the door for cyber threats from DMA clients and by potential “sleepers” residing at member or brokerage firms.
The idea of a new rule to limit one aspect of “dark pools” has been kicked around for the last two years. It would require dark pool participants to place real displayed orders into the pool before they trade, providing more transparency to the market. But this attempt to prevent dark pool operators from picking their prey – like a sniper – milliseconds before the trading closes, risks objections from the HFT crowd.
This foot-dragging has resulted in investors’ loss of confidence, hurting capital formation and job creation, the very foundation of capitalism.
Recognizing the need to better monitor the markets, the Securities and Exchange Commission recently issued Rule 613 – Consolidated Audit Trail (CAT) – an audit system that will apply to mostly secondary market transactions in the NASDAQ National Market. CAT will capture all orders and cover stocks on that exchange – but excludes over-the-counter options, futures, bonds, foreign exchange or other derivatives trades.
However, the CAT audit will occur a day after trading takes place, not in real time, because the cost of auditing the whole market in real time – more than $4 billion – is considered excessive. While CAT is a positive beginning, it’s too limited, too little and too late to be a major deterrent against crippling economic warfare attacks.
Our financial markets’ vulnerabilities are well-known to those intent on sabotage. Despite an awareness of such threats, the nation’s tools for early identification of financial threats remain limited, as the latest survey of IT security executives concluded. These represented 100 companies and organizations with more than $100 million in annual revenue. Moreover, even when detected, financial-industry cyber attacks go underreported, or unreported, because officials are reluctant to divulge information that could prevent further losses.
The threat of a mega attack on the financial markets, a major factor in America’s economic stability, is very real. Crash attacks via high-frequency trading would further cripple investors’ confidence in U.S. financial markets and destroy America’s economy for many years. The present stagnant economy and the uncertainties associated with this year’s presidential elections could be a tempting opportunity to create an economic “perfect storm” that the U.S. is currently incapable of preventing.