–Retransmitting Story Published 16:31 ET Tuesday
–No Comment on Whether Any Malicious Data Breaches Found
By Denny Gulino
WASHINGTON (MNI) – Making public portions of an
assessment of economic data security threats, the Labor Department
Tuesday disclosed it has been warned about “stealthy” and technically
sophisticated “adversaries” — algorithmic traders — ready to “bend and
potentially violate rules and laws” to obtain a trading advantage.
The Department posted on its Web site a summary of a security
analysis done by Sandia National Laboratories that was begun after it
was approached over the course of the last four years by the Office of
Inspector General, the SEC and the FBI who were “concerned that key
economic data were potentially subject to unauthorized, premature
release.”
The Sandia report’s existence was revealed earlier in the year,
first disclosed by CNBC and later confirmed by the Department. Its
contents, however, were fiercely guarded until Rep. Darrell Issa, chair
of the House Government Oversight Committee, demanded to see it in a
June 6 hearing.
As it turns out, Sandia said in its summary that it is recommending
the report be made publicly available, even while it described the
threat to the Department’s data security in stark terms, with “attack
scenarios” and warnings about the capabilities of “adversaries.”
In the process, Sandia confirmed an MNI story in March that
reported Department officials were worried that traders using ultra
high-speed computers and sophisticated “algorithmic” trading software
were believed to be attempting to subvert the purpose of the
department’s data “lock-ups.”
(Lock ups are sessions in which reporters get an advance look at
monthly reports on jobs and inflation and weekly reports on initial
claims for jobless benefits, and are given 30 minutes to prepare their
stories, with no communication to the outside world.)
“Although not directly addressed in the Sandia National
Laboratories (SNL) Red Team analysis, the apparent root cause for the
issues driving this assessment is the possible presence of algorithmic
traders and/or their agents in the press lockup facility,” the report
said.
“Modifying DOL policy on what criteria qualifies applicants to
attend release events would likely be of benefit,” Sandia said. “At the
heart of the issue is what criteria should define a press organization
versus a business primarily interested in supplying data for algorithmic
trading.”
Sandia said firms “primarily concerned with algorithmic trading
would have significant monetary incentive to circumvent the embargo
imposed on key economic data and act on it prior to its official
release.”
In fact the Department did implement new criteria for entry to the
lock-ups and as of the July 6 employment report excluded the Bond Buyer
newspaper, a 117-year-old operation primarily serving city, county and
state treasurers who finance infrastructure through tax-advantaged
securities, and its business partner Nasdaq OMX.
Also excluded was Need to Know News, a firm owned by MNI. Nasdaq
OMX and NTKN each had algorithmic trading operations among their
customers. A third firm, RTT News, reports economic and financial news
via the Internet.
Sandia’s report characterized the threat as unnamed trading firms
it said were “willing to bend and potentially violate rules and laws.”
“In summary, likely adversaries in this scenario are profit driven,
technically sophisticated individuals or organizations who may have
considerable resources at their disposal,” Sandia said. “Their technical
proficiency enables implementation of stealthy surveillance equipment.
Although they are willing to bend and potentially violate rules and
laws, violence is unlikely as an operational method.”
The Labor Department referred questions whether any malicious
breach of lock-up data security was ever discovered, or whether any
investigations are continuing to its Office of the Inspector General. A
spokesman for the office told MNI there would be no comment.
Employing traditional national security threat assessment
techniques, Sandia said it formed a “red team” in operation “Clean
Sweep” but was prevented by budget and other limitations from attempting
to violate the security precautions themselves.
Chief among the precautions for years have been cutoff switches
that sever all connections, whether via data circuits or telephones,
until data is officially released, usually at 8:30 ET. Other precautions
have been in place preventing use of cell phones or wireless devices of
any kind. In its investigation of the lockups, Sandia found
conditions familiar to any of the reporters who attend them week after
week.
“During the live press release event,” the Sandia report said,
“IDART personnel in the press lockup facility noted the ambient
temperature became uncomfortably warm, likely due to the human occupants
and the considerable amount of IT equipment present.”
It noted that, “The interior of the press lockup facility is
somewhat crowded, and some of the work spaces used by press personnel
are cluttered with IT equipment,” the report said. “Members of the SNL
Red Team were somewhat surprised to find what appeared to be network
appliances (e.g. switches and routers) capable of supporting
infrastructure well beyond the workstations to which they were
connected.”
In the wake of the report, the Department is upgrading its security
precautions, effective in early September, so that any equipment used
will have to meet specific criteria and be delivered direct from the
manufacturer and any software loaded under Department supervision.
Originally the Department said only government-owned computers,
software and Internet connections would be allowed but this requirement
was softened after pressure from Rep. Issa to renegotiate with the news
media.
** MNI Washington Bureau: 202-371-2121 **
[TOPICS: MAUDS$,M$U$$$]