Computers and Stock Market Mayhem
In a span of <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/05/06/AR2010050604545.html?hpid=topnews">5 minutes</a> yesterday, the Dow Jones index tumbled faster than ever before. <a href="http://voices.washingtonpost.com/economy-watch/2010/05/lesson_of_todays_stock_market.html?hpid=topnews">The culprit</a>? It's still unclear, but it appears as if computer issues played an integral part alongside the economic crisis in Greece and the oil spill in the Gulf of Mexico. The point of emphasis here is that computers have become so embedded in our financial institutions that it's not even considered unreasonable to hypothesize the massive financial ramifications of a simple data entry error. The event's shock and awe almost demands that we consider how a cybersecurity breach could have a similar, if not far worse, impact.
In a span of 5 minutes yesterday, the Dow Jones index tumbled faster than ever before. The culprit? It's still unclear, but it appears as if computer issues played an integral part alongside the economic crisis in Greece and the oil spill in the Gulf of Mexico. The point of emphasis here is that computers have become so embedded in our financial institutions that it's not even considered unreasonable to hypothesize the massive financial ramifications of a simple data entry error. The event's shock and awe almost demands that we consider how a cybersecurity breach could have a similar, if not far worse, impact.
Five years ago SANS Chief Technology Officer Johannes Ullrich and a team of cybersecurity experts put forward a scenario along these lines. They estimated that $24 billion worth of U.S. assets are under the control of computer users who unknowingly carry malicious content. In other words, $24 billion dollars of market money is teetering on the edge of mayhem. One well-placed botnet that coincided with real world events would be enough set the market reeling. Yesterday doesn't appear to have had anything to do with a botnet or a malicious computer attack, but it does show how fragile our systems are. It also proves that Ullrich and the team had hypothesized the right mixture that could set off financial mayhem. I can only imagine what the effect would have been had this been criminal activity, without the possibility of fixing a "glitch."
For now the solutions are quite far off. According to Ullrich, incident handling and forensics will have to come first. Then we might be able to write secure software and put the controls in place to make a difference.
NEXT STORY: Big Brother is watching in high definition