Cyber Attacks on Equities Markets: The Real Threat of High-Frequency Trading

by Eightkay

It goes without saying our markets today are digital - almost everyone knows this fact.

However, what the government and maybe the markets themselves, NYSE, NASDAQ, and various other exchanges fail to address properly is their instability and frailty.  Daily we hear about the Air Force or FBI engaging in preventative cyber warfare, hackers, Anonymous, people breaking into files stealing socials, or other schemes.  The real threat, the real danger, is our complete and total reliance on an electronic marketplace as the lifeblood of our capital system in the United States.

Many of you may know that the days of open outcry on the trading floor are long gone.  Today if you open an E-Trade account and buy shares of Coke, that transaction - whether buy or sell - travels through a complex web of Alternate Trading Exchanges (ATS) and Electronic Networks (EN) to connect a buy to a sell and cross.

The dangers out there include High-Frequency Trading (HFT), dark pools, and ATS.  Many in The Wall Street Journal and The New York Times will speak about how these rob investors of meaningful trades, focusing on primarily the economics or the market structure.  Both the Securities and Exchange Commission (SEC) and Commodities Futures Trading Commission (CFTC) have held roundtables on this issue and, although they focus on market fairness and occasional structural stability, they do not mention security attacks.

Let's take a look at the Knight Capital example from last summer.  A rogue trading algorithm out of Overland Park, Kansas, a suburb of Kansas City, Missouri, crashed and stalled our markets for 30 minutes before anyone knew what was going on that day.  The program executed a large sell order and flooded the market with stock.  I was in Europe at the time and scarcely had time to read the news and react to what was going on before it was over.

Now imagine this attack scenario.  Agents of an enemy of the United States successfully break into the mainframes of a High-Frequency Trading Company, Dark Pool, Crossing Network, or Brokerage Company.  They infect the system with rogue trading algorithms or change the code on currently deployed algorithms.  In a single coordinated attack, they buy and sell millions of shares of a single company or multiple companies, causing trading to halt or decimating the value of a single stock.  Multiply that by 100 stocks of the top Fortune 500 companies and we have market collapse.  Trading for the day would halt and uncalculated economic damage would be done.

There really is no real quick fix for this system.  The problem that is going unnoticed is the fact that HFT programs are a major national security threat.  If such a program could be maliciously controlled, it could cause damage.  You control 50 such programs at many HFT firms and you have a weapon of mass destruction.  Our markets are so disorganized and trading can happen so fast that there would be no reaction.  Yes, there are circuit breakers to stop and halt trading of a stock and market monitoring.  But this attack could happen quickly, rapidly, and across multiple fronts.  On one hand economic damage and on the second-hand investor confidence ruined.  Investor confidence concerning the vulnerabilities of the markets would take a long time to heal.

In the coming years, the SEC and CFTC need to take a broader role in not only securities regulation but in mandating measures to ensure the security of our equities markets.  HFT programs need to be banned and further safeguards put in place on the marketplace to confront fraudulent trading programs or direct access to the market.  Rules requiring hold periods for stocks or not trading above or below a certain price spread not only affect marketplace fairness but also add a second level of safeguard to a well-orchestrated cyber attack.