Treasuries HFT hack test results released

Dan Barnes

An assessment of the impact of a simulated cyberattack on a high-frequency trading (HFT) firm in the US Treasury (UST) market has been released by the Treasury Market Practices Group (TMPG), a New York Fed-sponsored group of market professionals.

The appraisal was conducted by the Financial Systemic Analysis and Resilience Center (FSARC), whose mission is to identify, analyse, assess, and coordinate activities to mitigate systemic risk to the US financial system from current and emerging cyber security threats. FSARC’s US Treasuries (UST) Initiative began early in 2018 to look at potential systemic risks in the US Treasuries market and the financial sector more broadly.

On 13 June 2018, the FSARC conducted a large-scale industry cybersecurity exercise to examine detection, response, and recovery actions related to a significant cyber-induced disruption of the US Treasuries market.

Within the test, a ‘fictitious adversary’ manipulated a trading algorithm within an HFT firm, leading to the depletion of capital at the compromised firm, higher UST yields, and challenges to data integrity in the market.

This was used to assess communication channels and the potential return to business as usual, and the existing FSARC ‘UST Playbook’ was stress-tested to identify any weaknesses and solutions to problems that might occur.

It found that the value of the UST Playbook was demonstrated as a tool to align the sector in fighting a threat, and noted it should be more integrated in member firms’ crisis management activity and more widely shared with additional key stakeholders. It also noted that industry groups should look at having teams of experts on rotation, with detailed consideration of remit, roles/responsibilities, external communications, and integration of public sector entities in those committees.

Finally, the group recommended that industry groups and FSARC member firms, in partnership with the US Government, develop guidelines and governance around responsible trading resumption and reconnection following a cyber-induced disruption. Consensus will be needed around which entity should serve as the coordinator for the resumption and reconnection process.

©TheDESK 2018