Security Breech At The SEC Causes A Headache For Their CIO

The SEC Wants To Check On Every Trade – Is This Safe To Do?
The SEC Wants To Check On Every Trade – Is This Safe To Do?
Image Credit: Philip McMaster

Let’s face it, when it comes to money, people can quickly become very greedy. When you take a look at institutions like the American stock market, the potential for people to do a large number of things that they really should not do becomes very large. In order to keep things under control and make sure that everyone behaves themselves, the government created the Securities and Exchange Commission (SEC). This organization has the responsibility to watch over all stock and option trading and make sure that nobody is doing anything that they should not be doing. This all sounds like a good idea, but what should the SEC’s CIO do when they are the ones who get hacked?

Say Hello To CAT

The job that the SEC has to do is both complex and difficult. The number of trades that are happening at any point in time is enormous and if people are trying to do something that they should not be doing, it will be hidden in the torrent of other trades that are occurring. When people do things that they should not be doing, it can sometimes have an effect on the entire market. A good example of this is the so-called “flash crash” that occurred in 2010. The reasons that this market event occurred are still not fully understood even today. The SEC understands the importance of information technology and wants to make sure that an event like this never happens again.

The SEC has a plan. What the agency wants to do is to create a single database where all of the information on every trade that is executed can be stored. Having this database would allow the agency to go back in time if a stock market event occurred and find out just exactly what caused the event to happen. The new SEC database is called the Consolidated Audit Trail or CAT. It is designed to keep track of every order and trade that happens in both the U.S. stock and option markets. The goal of creating a database like this is to help the SEC analyze complex market events and hopefully allow the SEC to detect market manipulation. The CAT program has taken several years to implement and has required the SEC to push for its implementation.

As powerful as the CAT database would be, there are some concerns about its creation. Some people view the CAT database as being a potential hacking risk for the SEC. The thinking is that the CAT database will contain detailed information about every trade that is made. If this information fell into the wrong hands, it could potentially be used to reverse engineer some of the most lucrative and closely guarded trades that have been executed by hedge funds and other types of big investors. Critics have said that the data contained in the CAT database could be used to reconstruct highly profitable trading strategies. The value of this information is tens of millions of dollars to the quant firms and proprietary trading firms who create them.

The Problem With Being Hacked

Ok, so this CAT database sounds like it could solve real issues for the SEC. Yes, they need to be careful to limit access to it, but what could go wrong? Well, this is where the person with the SEC CIO job comes in. It turns out that the SEC has recently had a serious security breech. U.S. firms are required by law to file paperwork with the SEC when they perform financial transactions involving either the stock or options markets. In order to file this paperwork they use the SEC’s filing system application, Edgar. The other day, this system got hacked and the bad guys were able to gain access to the SEC’s network via this application.

The concern about the bad guys hacking the filing application is that it could possibly provide them with access to significant information that is nonpublic and which could contain market sensitive data along with personally identifiable information. In addition to all of the other tasks that the SEC has to take care of, they now need to take a very careful look at what trading has happened in the past few days in order to determine if any traders have used any nonpublic data that they stole from the Edgar system in order to make any illicit trading profits.

The hacking of the Edgar system has created doubts about the SEC’s CIO’s ability to keep the CAT database safe from hackers. The CAT program has not been well received by all of the members of the financial community. However, the person in the SEC CIO position says that the CAT database has been designed using robust cybersecurity defenses. What this means is that the data that is stored in the CAT database is encrypted while it is in the database as well as when it is being exchanged between different applications. The CAT database will not only hold information on trades that have been made, but it will also hold information on the people who make the trades. This information will include such items as birth dates and social security numbers. The concern is that if someone was able to break into the CAT database, they could then use the personal information that they gained to target high net worth individuals.

What All Of This Means For You

The U.S. government’s Securities and Exchange Committee (SEC) has been given the responsibility to police the U.S. stock and option markets. Due to the enormous number of trades that occur each and every day, this is a challenging task. The SEC has decided to create a new database, the Consolidated Audit Trail (CAT), that will be used to store information on every trade made on the stock and option markets. This sounds like a good idea, but a recent hack of the SEC has caused people to start to wonder if this will be a safe way to store valuable data.

The stock market still remembers the “flash crash” that occurred back in 2010. This event impacted the entire stock market. Even today, the root cause of this event is not fully understood because all of the data required to analyze it could never be collected. The creation of the CAT database is designed to overcome this limitation. The challenge that the SEC is facing is that some people are saying that the information that will be stored in the CAT database is too valuable to have in one place. They fear that hackers may be able to break in and make off with valuable trading information. These fears have been heightened by a recent hacking attack in which hackers broke into the SEC’s network via their electronic online filing application which is called Edgar. Critics of the CAT database have pointed to this event and said that the same thing could happen to the CAT database. The SEC’s CIO believes that the proper security measures are in place.

The SEC has a challenging job to do. Collecting data on every transaction sure sounds like the right way to go. It would appear as though creating a single database that contains records of all of these trades is a good thing to do. The recent hacking of the SEC should act as a reminder that none of us is 100% secure. As long as the SEC’s CIO takes the right steps to keep the CAT database’s content secure even if the bad guys break in, then this sounds like a good idea.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that the SEC should also keep a backup copy of their new CAT database?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.


P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

So CIO, are you a good manager? I suspect that most of us think that we are. However, over at the Gallop company they have just completed a survey of managers. What they discovered is that only one in 10 people actually possesses the talent to manage others. Ouch! This magical 10 percent who have what it takes to be a good manager frequently realize 48 percent greater profitability, 22 percent greater productivity, 17 percent greater employee engagement, 5 percent greater customer engagement, and 19 percent less turnover according to Gallup. Are you one of the 10%? Do you have the 5 talents that every person with the CIO job needs?