The recent cyber incident involving ION, a major vendor in the financial industry, served as a wake-up call. The industry’s operational resilience was tested and the consequences were significant. In light of the insightful opening remarks by CFTC Commissioner Christy Goldsmith Romero and the discussions at the FIA’s IDX conference, let’s dive into how the futures industry can sharpen its arsenal against cyber threats.
The ION incident highlighted the Achilles heel in the industry’s cyber defence: communication. The cyber attack crippled communication channels between banks and vendors. Keith Todd, CEO of Trading Technologies, stressed the necessity for a “crisis management email system to get out to critical contacts.” To turn this weakness into strength, the industry must develop crisis communication systems, for instance by employing alternate communication channels that can be triggered when primary ones are compromised. An investment in redundancy and multi-channel communication is non-negotiable.
Operational resilience is not just about weathering the storm but navigating through it. Tito Shirley, head of cleared derivatives at FIS, rightly pointed out that vendors need mechanisms to continue processing, even in a disconnected environment. This includes having resilient data backup and restoration capabilities. Enhanced operational resilience may involve creating isolated, secure environments that can process critical information, allowing the business to function even when under attack.
Furthermore, maintaining an up-to-date inventory of service providers and establishing strong relationships with key players such as chief information security officers, as emphasised by Commissioner Romero and Justin Llewellyn-Jones of Broadridge, is vital.
A single chink in the armor can compromise the entire industry. Kirston Winters, Chief Risk Officer at OSTTRA, noted that “the whole network is only as strong as the weakest link.” Establishing an industry-wide task force, as initiated by the FIA, is a step in the right direction. This should be complemented with shared threat intelligence, coordinated response plans, and regular cross-industry cyber drills. Such collaborations can ensure that the entire industry is moving in lockstep, shoring up defences collectively.
Finding the right balance
Regulators play a critical role in ensuring that the financial market remains resilient. Commissioner Romero's remarks highlighted the importance of communication with regulators. The ongoing work by the CFTC on its first cyber rule for swap dealers and FCMs is commendable. However, regulators must strike a balance to ensure that rules are prescriptive enough to enforce high standards but also flexible enough to allow for innovation in cybersecurity measures. Regular dialogue between regulators and industry stakeholders is essential in shaping regulation that is both robust and adaptive.
Charting the path to a resilient future
The ION incident is not just a case study but a warning shot. The futures industry must take lessons from this incident to forge a path to a more resilient future. This involves enhancing communication systems, building robust operational resilience, collaborating across the industry, and engaging in constructive dialogue with regulators. Through these concerted efforts, the industry can advance from merely responding to incidents to building a fortress that is prepared for the cyber challenges of tomorrow.
Fostering resilience with Cumulus9
In the wake of the ION cyber incident, a number of market participants faced the unexpected challenge of conducting manual processing, revealing a critical dependence on singular, fully automated solutions. This incident underscored the need for diversification and operational resilience within the futures industry. As a reliable backup solution, Cumulus9 was able to rapidly assist struggling clients with its margin analytics platform, thereby underlining the value of alternative solutions in fortifying operational resilience.