Nasdaq Technical Glitch Highlights System Vulnerabilities

Stephen DeAngelis

August 22, 2013

Trading today came to a sudden halt on the Nasdaq exchange as the result of a technical glitch. Jacob Bunge, Kaitlyn Kiernan, and Tomi Kilgore, reported that the”unexplained technical issue paralyz[ed] the market for thousands of securities and rais[ed] new questions about the robustness of U.S. trading systems following a series of high-profile glitches.” [“Nasdaq Market Halts Trading,” Wall Street Journal, 22 August 2013] They continue:

“The outage saw a large chunk of the U.S. stock market effectively come to a standstill at midday, freezing prices in stocks, exchange-traded funds and options listed on Nasdaq and prompting other trading venues to stop trading those securities. Dark pools and other electronic trading platforms were also forced to suspend trading in Nasdaq-listed stocks, since there were no publicly quoted prices on those securities, traders said. Traders said there was confusion about what stocks were affected, and that phones were lighting up across trading desks as investors tried to figure out what was happening.”

The halt to trading lasted over three hours and Nasdaq shares dropped more than 3 percent. Bunge, Kiernan, and Kilgore concluded their article by noting that this “problem is the latest in a string of technology-related mishaps affecting exchanges and brokers as markets over the past two decades have migrated to electronic systems.” As the following Bain & Company graphic shows, the financial services sector is enormous in terms of the amount of data it involves.

Bain & Company 01

Since the global economy took a nosedive in 2009, there has been a lot of chatter about organizations that are “too big to fail” without dire consequences. If ever there is a sector that is too big to fail without such consequences, the financial services sector is the poster child. Nowadays it is impossible to isolate the effects of financial failure. Regulators should use this latest wake-up call to force financial services organizations to conduct a vulnerability assessment and take measures to close vulnerability gaps. Enterra Solutions has developed a perfect methodology for such a task — patented Enterprise Resilience Management Methodology (ERMM)®..

Today’s typical business organization operates in an environment of extreme complexity and enterprise stress. This is certainly true in financial services sector. Generally, companies continually face: Ongoing demands of new requirements, competition and operational performance; compliance pressures (e.g., regulations, directives, and policies); security threats (e.g., corporate espionage, cyber-intrusions, internal criminal activity, and natural disasters; and other business issues associated with investors, industry partners and all levels of domestic and international government organizations. Meeting these demands requires organizational systems that provide them with a high degree of visibility, insight, control, and responsiveness. These systems must also provide real-time information about external events and about internal processes; the ability to effectively intervene in those events and processes to minimize negative impacts; efficiently marshal information from any point in an organization and direct it to any other point; and redirect and adapt an organization’s resources as needed when a threat arises or an opportunity emerges.

Most organizational systems fall short of this ideal and typically only provide static solutions to dynamic challenges. Enterra’s ERM Methodology takes a holistic approach so that an organization can identify and protect its most valuable assets. In addition, the enterprises’ existing legacy environments do not readily interface nor is their data easy to integrate (from a technical or security standpoint). These systems are often built around outdated policies that are continuously re-written and updated with the expectation that the technology will be able to immediately exploit them − nothing could not be further from reality.

The ERM Methodology diagnoses the security, compliance and performance requirements, and risks of organizations and determines how to make them resilient to those risks. Enterra’s approach to accomplish the goals for a strategic risk management program follows a four-step phased approach. Phase involves the initial assessment. During this phase, assets or nodes within an organization or a network that are critical for competitiveness and sustainability are identified along with the critical processes and functions that enable the critical assets. Additionally, security, compliance, and requirements that apply to each of the processes and functions are analyzed; along with business opportunities and prioritized business objectives. The analysis is performed at a level of detail such that the rules and processes may be later codified as needed into an automated SaaS solution.

The next phase is a design and build phase. During this phase, a design is developed for migrating information and converting business policies into rules sets and workflow logic that operate across systems and functional organization. The third stage involves solution delivery and the final phase is the operational phase. When fully implemented, the Enterprise Resilience Management Methodology integrates performance optimization, compliance, and security into a truly seamless and enduring solution that is embedded in advanced cloud service delivery.