NYSE: Technical Issues or Panic Button ?

Katherine Daigle July 15, 2015

284 3 minutes read

On Wednesday, July 8, 2015, the New York Stock Exchange reported “technical issues” that forced it to shut down operations for part of the day. For over three hours, people all over the United States and the world were unable to trade securities on the exchange, in an unprecedented interruption that spread panic across the investment community. Ominously, a message on the social media service Twitter had been posted the day before, credited to the loosely federated but technologically savvy group Anonymous, “hoping” that the following day would be a bad one for Wall Street. On the morning of July 8, Anonymous tweeted again, this time calling for a protest in front of the New York Stock Exchange at 5 PM that day.

There has been no direct evidence suggesting that the shutdown was caused by Anonymous (or anyone claiming affiliation with it), and authorities – including the Department of Homeland Security and the New York Stock Exchange itself – are adamant that the incident was not related to cyber terrorism at all. The official report states that customers began experiencing difficulties between their gateways and the trading unit early Wednesday morning, due to a new software program that had been installed on the computers of the NYSE. This problem was immediately addressed in an update by the time the Exchange opened its doors that day, but that update was poorly coded and exacerbated rather than ameliorated the issues. By 11:30, officials at the Exchange chose to temporarily shut down trading until the problems could be resolved, and flow resumed normally after 3:30 PM that day.

There are at least two ominous coincidences that make this incident especially chilling, even with the official reassurances. On the same day as the New York Stock Exchange outage, United Airlines suspended all of its flights for an hour and a half due to what it called a “router issue” that “degraded network connectivity for various applications.” Also on Wednesday, the Wall Street Journal’s website suffered intermittent difficulties throughout the day. It was enough of a confluence of events that one United States Senator, Barbara Mikulsky of Maryland, remarked “I don’t believe in coincidences,” to FBI Director James Comey. Again, all evidence indicates these were not malicious attacks but software failures, but with bona fide hackings like those at the Office of Personnel Management and the large corporation Sony in recent memory, it’s easy to get a little jumpy.

And cyber security firms have already stepped up to the plate to explain that that’s exactly what’s happening. Dave Chronister of Parameter Security, for instance, said it’s of little consequence that Wednesday’s interruptions weren’t real hacks because of people’s fears that such a thing could easily happen. “We’re in a hypersensitive time right now where everybody’s worried about the malicious attacker, but the chances are you’re going to have a lot more incidents like [those Wednesday] than actual attacks,” he said. “These were security incidents. The systems went down. It didn’t matter that it wasn’t an attack.”

Of course, the difficulties encountered by United Airlines and the Wall Street Journal were drowned out that Wednesday by the fear and anxiety generated over the fact that the New York Stock Exchange wasn’t accepting securities trade orders for over three hours. It’s important to put that incident in perspective. While definitely a major one, the NYSE is one stock exchange out of many around the world. People whose efforts to trade on it were frustrated Wednesday had no trouble buying and selling somewhere else, and globally, the flow of securities traffic effectively went on as normal – except for the fact that people were frightened, wondering whether a cyber attack was underway in New York. But other than upsetting traders, the actual impact was minimal.

That’s not to say that large-scale stock exchange outage couldn’t happen, however, and if it did, the results would be catastrophic for the global economy. If no one around the world were able to trade securities for even an entire day, for example, billions of dollars would be lost in unrealized capital gains alone.

But we all know from whence the real fallout would come. All we have to do is look at how worried people got on Wednesday, when it turned out that nothing major was really wrong. Imagine if there were cause to believe that a terrorist attack had frozen the world marketplace. There would be financial panic on a scale that would put the Great Depression’s Black Tuesday to shame. Many people have a majority of their life savings invested in the stock markets; a complete inability to access those assets could easily lead to a global run on banks, which could collapse major economies around the world. Even if trading resumed after a day, there’s no guarantee that people’s fears would subside. Confidence could be lost in the market, leading to further instabilities.

With these kinds of stakes, the need for effective cyber security is clear. Computerization has become the Achilles’ heel of modern human society, and protecting that vulnerability is paramount as we enter into the future.