By Michelle Price
Nasdaq OMX’s chief information security officer, Mark Graff, is to chair a new working group that’s been set up by the World Federation of Stock Exchanges to try to combat the rise of cyber attacks on financial market infrastructure.
The formation of the group comes amid evidence that cyber-security is a real threat to exchanges, with 53% of them found to have suffered an attack within 12 months, according to research published in July by the WFE and regulatory standard-setting body the International Organization of Securities Commissions.
Mr. Graff, who’s based at Nasdaq in New York, will be assisted by Jerry Perullo, vice-president of information security at IntercontinentalExchange, who will serve as the committee’s vice chair, the WFE said in a statement today.
Speaking to sister title Financial News, Mr. Graff said the new group would look to enhance collaboration among industry security chiefs to agree cyber security best practices, establish a framework for sharing information on cyber attacks and liaise with regulators.
He said: “I’ve been the global chief information officer at Nasdaq for the past year-and-a-half, and in previous jobs I have always made it a priority to collaborate with other security experts.
“I found that being on the East Coast, it’s easy to connect with people in the financial community, especially on Wall Street, but I was very surprised to find it very difficult to connect with security experts among exchanges – or even find out who they were. So we are trying to find a way where all securities chiefs among exchanges could collaborate.”
While exchanges are generally directly regulated by their home securities watchdog, there is presently no accepted exchange industry standard for protecting against cyber threats.
Mr. Graff, formerly the chief cyber security strategist at Lawrence Livermore National Laboratory, said: “We have to develop some kind of sense of what best practices are. We all have limited budgets, so what is everyone else doing? And smaller exchanges don’t have access to all the resources that companies like mine does.”