[This message was posted by John Harris of BondMart Technologies, Inc. 
<[email protected]> to the "Information Security" discussion forum at 
http://fixprotocol.org/discuss/3. You can reply to it on-line at 
http://fixprotocol.org/discuss/read/8140703e - PLEASE DO NOT REPLY BY MAIL.]

Interesting, indeed.  Even when news reports are so much horse manure, as is 
the case here, they can impart valuable lessons.  Let's presume for the moment 
that reporter Michael Riley speaks the truth as he knows it and dissect this to 
see what can be learned...or not:

1. We have multiple individuals leaking classified information to Bloomberg. 
What are their motives for doing so? Have these leaks engendered an 
investigation of their own?

2. We have the implication that NSA is better able to investigate sophisticated 
cyber attacks than the FBI. If so, why the deficiency in the FBI's ranks? If 
not, who benefits from the false implication?

3. We have twice the conflation of private and public interests, as if they are 
one and the same: the notion that the interests of Nasdaq are the interests of 
the people at large. Nasdaq is a private business, not a government agency.  
Its infrastructure belongs to its shareholders, not "the nation" or taxpayers. 
Neither the NSA nor "foreign intelligence agencies" are shareholders, to my 
knowledge. Why are taxpayers in any country footing the bill for the 
investigation of a security breach of a business? How does NSA know that one or 
more of these foreign intelligence agencies had no role in the breach? How does 
Nasdaq know that NSA is innocent, for that matter?

4. We have the suggestion that NSA can break any encryption scheme. Gee, that's 
news to me. If it's true, then we're all screwed, because nothing is secure.

5. We have the suggestion that Nasdaq lied by omission about the extent of the 
breach. If so, why?

6. We have the internal contradiction and lie concerning Nasdaq's knowledge of 
which systems were breached. On the one hand, it doesn't know. On the other, it 
knows of at least one ("Directors Desk"). Which is it? Simple question: to what 
other systems at Nasdaq is Directors Desk linked?

7. Strangest of all, we have the extensive riff about what this means to 
Nasdaq's ability to buy NYSE. Tabb's speculations on the subject caused the 
needle on my horse-manure detector to jump to "Major Stink" on its dial. Gee, I 
don't know, was this story planted indirectly by NYSE? Is one of the foreign 
intelligence agencies at the table German? Does any sane being actually think 
that this breach disqualifies Nasdaq from buying NYSE? Give me a break...

Allow me a selfish indulgence. Some of us are old enough to remember 9/11/2001. 
I knew a couple of really nice folks who died that day at WTC. I remember there 
were some really strange trades put on in advance of those attacks - you know, 
options on airline stocks and the like - that have never been explained by the 
U.S. government.

If NSA is so damn brilliant, I am sure that a lot of Americans are a helluva 
lot more interested in goings-on in the financial markets around that day than 
they are in the breach of an exchange that in the grand scheme of things just 
doesn't matter, and would appreciate it just a little bit if NSA would have its 
geniuses solve the 9/11 crime(s) before they worry about a private business 
with wealthy shareholders that is perfectly capable of hiring its own experts.

Now, before I am accused of launching a political diatribe in this forum, know 
this: this news story has specific bearing on the design and implementation of 
the FIX Protocol by market participants. FPL should convene a working group to 
study this very case and promulgate best practices to prevent a recurrence of 
it. And we should all know to NEVER let the NSA into our businesses. Trap doors 
are bad for business.



> I thought this was interesting, considering our recent discussion on the 
> challenge of assuring security mechanisms that are implemented in financial 
> systems:
> 
> http://www.bloomberg.com/news/2011-03-30/u-s-spy-agency-said-to-focus-its-decrypting-skills-on-nasdaq-cyber-attack.html
> 
> The game changes when a nation-state adversary steps into the ring, that's 
> for sure...

