- Email: [email protected]
Wall Street discovers computer vulnerability
Computer Fraud & Security Bulletin
October 1990
security that applies to all non-military US Government agencies. The future of that effort now is in doubt. In addition, it appears that NCSC’s trusted system computer security program for use by US military and defense contractors may also be impacted by this change. NCSC’s trusted system and Tempest emissions security programmes already have been criticized as being too expensive by Alexander Bocast, manager of the Protection of Logistics Unclassified Sensitive Systems (PLUS) programme in the Office of US Secretary of Defense. PLUS was established, according to Bocast, to provide data security mechanisms in the range of US$lOO per workstation, for use with what he describes as
following day, but several of the brokerage firms were forced to relocate their operations for several days until electric power was restored to their buildings. One infoned source estimated that at least half of the affected firms had not developed data processing disaster recovery plans. While other banks struggled to cope, the Federal Reserve Bank of New York switched its electronic payment system to an alternative site in Pearl River, without having to shut down. The Fed decided to move to the backup site after two of its three emergency generators in Manhattan failed to work. While test runs have been carried out, this was the first time that the Fed has had to use the facility in a real emergency.
unclassified but sensitive information. NCSC’s
set of publications
defining the
trusted system programme are expected to be revised significantly in the near future. An alternative extended set of criteria (ITSEC), sponsored by the European Economic Community, is already being developed. Be/den Menkus
Wall Street discovers vulnerability
computer
On 13 August a power failure in lower Manhatten closed the American Stock Exchange, the New York Mercantile Exchange, which deals in oil futures, and the Commodity Exchange, which trades major gold contracts. Trading was halted at the beginning of the Middle East crisis, when prices in gold and oil moved drastically. The power outage was caused by a fire in a Consolidated Edison electric substation which served several blocks in the financial district. The noontime fire also disrupted the bond market and foreign exchange trading; interrupted the computerized distribution of trading information; and forced numerous brokerage firms to suspend their operations. Most of the affected exchanges and trading activities resumed normal operation on the
01990
Elsevier Science Publishers Ltd
The fire confirmed the vulnerability of the computing operations of firms in Wall Street. In June the consulting firm of Boaz, Allen & Hamilton had reported that the area was also vulnerable to the loss of telecommunication services. Their report estimated that upwards of US$l billion in financial transactions might be disrupted because telecommunications had been allowed to deteriorate by the deregulated Nynex regional Bell telephone operating company. Be/den Menkus and Tina Monk
UK computer fraud survey The Audit Commission is organizing the next survey in its triennial series investigating the extent of computer crime within the UK. The survey will try to tackle which aspects of computing pose the greatest risk, to assess the potential incidents of such risks, and provide an accurate estimate of the levels of computer fraud. The survey aims to be based on actual incidents, and the identities of the respondents remain confidential. The next survey will continue to update the results of the previous surveys, but will be extended to try to gain a more detailed picture of
3
October 1990
security that applies to all non-military US Government agencies. The future of that effort now is in doubt. In addition, it appears that NCSC’s trusted system computer security program for use by US military and defense contractors may also be impacted by this change. NCSC’s trusted system and Tempest emissions security programmes already have been criticized as being too expensive by Alexander Bocast, manager of the Protection of Logistics Unclassified Sensitive Systems (PLUS) programme in the Office of US Secretary of Defense. PLUS was established, according to Bocast, to provide data security mechanisms in the range of US$lOO per workstation, for use with what he describes as
following day, but several of the brokerage firms were forced to relocate their operations for several days until electric power was restored to their buildings. One infoned source estimated that at least half of the affected firms had not developed data processing disaster recovery plans. While other banks struggled to cope, the Federal Reserve Bank of New York switched its electronic payment system to an alternative site in Pearl River, without having to shut down. The Fed decided to move to the backup site after two of its three emergency generators in Manhattan failed to work. While test runs have been carried out, this was the first time that the Fed has had to use the facility in a real emergency.
unclassified but sensitive information. NCSC’s
set of publications
defining the
trusted system programme are expected to be revised significantly in the near future. An alternative extended set of criteria (ITSEC), sponsored by the European Economic Community, is already being developed. Be/den Menkus
Wall Street discovers vulnerability
computer
On 13 August a power failure in lower Manhatten closed the American Stock Exchange, the New York Mercantile Exchange, which deals in oil futures, and the Commodity Exchange, which trades major gold contracts. Trading was halted at the beginning of the Middle East crisis, when prices in gold and oil moved drastically. The power outage was caused by a fire in a Consolidated Edison electric substation which served several blocks in the financial district. The noontime fire also disrupted the bond market and foreign exchange trading; interrupted the computerized distribution of trading information; and forced numerous brokerage firms to suspend their operations. Most of the affected exchanges and trading activities resumed normal operation on the
01990
Elsevier Science Publishers Ltd
The fire confirmed the vulnerability of the computing operations of firms in Wall Street. In June the consulting firm of Boaz, Allen & Hamilton had reported that the area was also vulnerable to the loss of telecommunication services. Their report estimated that upwards of US$l billion in financial transactions might be disrupted because telecommunications had been allowed to deteriorate by the deregulated Nynex regional Bell telephone operating company. Be/den Menkus and Tina Monk
UK computer fraud survey The Audit Commission is organizing the next survey in its triennial series investigating the extent of computer crime within the UK. The survey will try to tackle which aspects of computing pose the greatest risk, to assess the potential incidents of such risks, and provide an accurate estimate of the levels of computer fraud. The survey aims to be based on actual incidents, and the identities of the respondents remain confidential. The next survey will continue to update the results of the previous surveys, but will be extended to try to gain a more detailed picture of
3