The government’s intent ‘is for the UK to remain the top choice for European and global bank headquarters’
Nigel Davies
October 17, 2016: Over the past decade, the nature of the threats to society has evolved beyond the physical world in which they traditionally operated. State-sponsored cybercrime and organised criminal hacking has become a threat to almost every sector that relies on an internet connection. Unsurprisingly, the financial trading sector is at increasing risk from such activity.
Many countries are now waking up to the fact that protecting national security in an increasingly volatile geopolitical landscape requires more than the traditional military and law enforcement efforts of previous decades. Just two examples of recent national security breaches include an attack on the Ukrainian national power grid and an attempted $951 million heist on Bangladesh’s central bank (the thieves successfully stole $81 million).
| Cybersecurity firm Symantec has since found evidence linking the theft to the North Korean government, along with a string of other state-sponsored attacks against banks in South East Asia. The attacks against Ukraine and Bangladesh boiled down to one fact: malicious actors were able to exploit vulnerabilities in the critical national infrastructure (CNI) of entire states, resulting in severe consequences for both targets; an attractive end goal for any attacker. |  Nigel Davies is Head of Secured Navigation, QinetiQ |
Defence review covers private sector
This new kind of attack is reflected in the UK’s latest Strategic Defence and Security review. Evolving from its 2010 predecessor, the security of the private sector and civil society are now as much a part of the review as the military. From the ‘bombs and bullets’ approach of previous strategic policies, it is now concerned with defence against state-sponsored attacks, organised crime and protecting CNI.
The government’s intent “is for the UK to remain the top choice for European and global bank headquarters”, intending also to “build resilience to financial crisis”. Most importantly, it “will seek to develop long-term partnerships with industry, built on trust and collaboration, through better sharing of information and expertise1.” It’s clear that, given its importance to the UK’s economy, protecting the financial trading sector plays a big part in securing the UK’s CNI.
At the moment, precise timing and synchronisation of financial transactions is critical to markets worldwide, is mandated by regulation in the European Union and is increasingly required in the United States. These high frequency transactions (HFT) involve moving millions of dollars in the space of seconds, with monetary values adjusting and reacting to real-time updates. To put it in perspective, the New York Stock Exchange handles nearly $2 billion in trades in the first two minutes of opening.
In order to allow HFT, the financial trading industry relies on timing sources and systems generally reliant on Global Navigation Satellite Systems (GNSS), such as GPS, to remain in sync with incredibly accurate timestamps.
The MiFID II legislation, announced last year and coming into effect across the EU in 2018, dictates that trades have to be traceable up to 100 microseconds. The reliance on such miniscule accuracies and coordination makes the system and the source of time and synchronisation information an obvious target for attack.
The vulnerabilities
While GNSS has become a phenomenally successful, ubiquitous and reliable source of accurate time, it suffers from two fundamental vulnerabilities. The first is in the strength of the GNSS signals, which are used by receivers to calculate time and position. The satellites which transmit those signals orbit the Earth at an altitude of over 20,000 km, which means that the signals are very weak and vulnerable to interference by the time they reach Earth. In fact they are so weak as to be imperceptible from the background noise of other transmissions, requiring complex algorithms to identify and track them. An attacker who is able to transmit additional ‘noise’ over the top of GNSS signals can stop a receiver from working properly, or at all.
The most basic of jamming devices work by broadcasting excessive noise over the GNSS signal, resulting in the receiver’s inability to lock onto the signals broadcast by the GNSS satellites.
The SENTINEL Project – a nationwide, UK government-backed investigation into GNSS jamming – tracked the proliferation of jammers, finding in one location more than 60 GPS interference incidents in six months.
While most interference incidents are minor and go unnoticed, in some situations, the impact can be substantial, leading to lost revenue. An example of this in action took place in 2009. Engineer Gary Bojczak was fined $32,000 for transmitting radio interference which disrupted the operation of Newark Liberty International Airport’s new air traffic control system.
Bojczak worked for an engineering firm that tracked its vehicles using GPS. However, Bojczak installed a jamming device in his assigned vehicle to stop his employer tracking his movements. His daily work route would take him past the airport, subsequently interfering with GPS signals used by the aircraft landing aids on approach to the airport.
The other vulnerability is the ease with which a false signal can be transmitted by an attacker to ‘trick’ a receiver into generating a false position or time. This is known as a ‘spoofing’ attack. The open access GNSS signals, which are widely used today by non-military users, are defined by open standards published on the internet. While this has led to a vibrant market in GNSS devices, it also means that the signals can be copied by an attacker.
These two factors combine to make the civilian satellite systems used by the financial trading sector highly vulnerable to tampering, blocking and disruption. Currently, devices which can create interference and disrupt the use of GNSS can be bought for as little as $40 online and are often no bigger than the size of a cigarette lighter.
Spoofing attacks are more complex and, until recently, were considered to be only within the grasp of Nation States and militaries. However, a 2015 paper published by the Chinese Qihoo 360 security research firm demonstrated GPS spoofing using low-cost hardware and open source software.
While there is only rare and anecdotal evidence of civilian spoofing attacks to date (for instance, reports that drug cartels are spoofing drones operated by the US Customs and Border Protection agency), most experts believe it is only a matter of time before attacks become more common.
Mitigating threats
The sheer volume and value of data in the financial industry that needs to be time-stamped by GNSS data leaves it at risk from interference. Interfering with a GNSS signal could have consequences for trading bodies calculating the correct time of trades and keeping up with real-time trade requests. Even an event that lasted only a couple of seconds may impact system performance or even cause a crash as timings between networks fail to match. In the era of HFT, this could be costly.
Audit trails would also become confused, with one party buying and receiving the share before the other has ‘officially’ sold it. This is crucial when regulators have started to clamp down on HFT fraud; an inability to unravel HFT trails could leave the industry open to market rigging.
Such interference events are experienced by financial organisations. It is claimed that for roughly 10 minutes every day, the London Stock Exchange experiences problems with the signals it receives from GPS satellites due to such inadvertent jamming.
Fortunately, as evidenced by the aims set out in the 2015 Strategic Defence and Security review, the UK is quickly coming to terms with this new age of threats and is looking to future technologies which can effectively secure the nation’s critical infrastructure.
Over the next few years, the GNSS landscape will undergo a radical change. New GNSS are being deployed by Europe (Galileo) and China (Beidou), GPS is undergoing an overhaul to GPS version 3, and the Russian system (GLONASS) is being modified to be more compatible with other systems. With more systems comes redundancy and resilience. The new and modified systems bring new services and diversity.
A new generation of multi-constellation, multi-frequency (MCMF) receivers provide security to a range of threats affecting GNSS, enabling high levels of robustness and security for time-stamping as demanded by financial trading regulators. In the event of an interference attack, the MCMF capabilities allow the receiver chips to access multiple systems simultaneously, switching seamlessly between over 100 satellites, cross-checking between signals for consistency, readjusting to the next available signal, or ignoring signals (either spoofed or generated in error), which don’t agree with others.
The European Galileo system will introduce the first civilian secure, encrypted GNSS signal, the Public Regulated Service (PRS), which will be available to government-authorised organisations; core financial infrastructures are candidates for inclusion. PRS adds additional resilience against interference and is very secure against spoofing. Combining the encrypted GNSS services with new MCMF receivers minimises the likelihood of system crashes and timestamp manipulation resulting from spoofing and jamming events.
The use of these additional services together with resilient receiver processing techniques and robust design of the overall timing and synchronisation sub-systems (e.g. using accurate atomic clocks disciplined by the GNSS timing signals) can effectively mitigate these threats. With the threat of interference significantly reduced, the financial trading sector can be effectively secured on an operational level, safeguarding its future in an era of growing technological threats.