By Anna Isaac
U.K. government agencies are examining whether a trading outage
blamed on a software hiccup at the London Stock Exchange in August
may actually have been caused by a cyberattack aimed at disrupting
markets, according to people familiar with the matter.
A British intelligence agency has contacted the LSE in the past
two months requesting additional information about the Aug. 16
outage, according to people familiar with the matter. The U.K.'s
Treasury is also involved in the probe.
An LSE spokesperson denied that the incident was cybersecurity
related, attributing it to a "technical software configuration
issue following an upgrade of functionality." She added that the
LSE "has thoroughly investigated the root cause of the issue to
mitigate against any future incidents."
The incident, which delayed the market open by more than an hour
and a half and was the worst outage in eight years, immediately
triggered government cyber alert systems, according to the people
familiar with the matter.
The U.K.'s Government Communications Headquarters, known as
GCHQ, which monitors critical national infrastructure, including
major financial trading platforms, is examining if the software
code may have played a role in the outage. Officials are looking at
time stamps affiliated with the code's production, which could
offer clues to its origin.
The status of the examination and whether any action will be
taken by regulators or the LSE is unclear.
At the time, the London Stock Exchange Group, which operates the
LSE, said a technical software issue had temporarily prevented
trading in a range of securities, including stocks listed on the
FTSE 100 and FTSE 250. It didn't specify the cause of the
issue.
If the outage was caused by an attack, the aim may have been to
cause market disruption and undermine confidence in critical
national infrastructure in the U.K., according to the people
familiar with the government's examination.
When the LSE notified regulators shortly after the outage in
August, there was no indication of a possible cyberattack from the
correspondence, according to a government official and a person
familiar with the LSE's operations.
The LSE is a key contributor to London's financial pre-eminence
in Europe, home to blue-chip stocks like Unilever PLC and BP PLC.
It is also the global leader in clearing trillions of dollars worth
of derivatives contracts. It has been subject to takeover battles
for years and is strengthening its ability to sell data through a
$14.5 billion acquisition of financial information business
Refinitiv.
A spokesman for the Financial Conduct Authority, which regulates
U.K. financial markets, declined to comment on the incident, but
said "all regulated firms must have appropriate systems and
controls in place to manage operational and technology-related
risks and we expect them to report material incidents of this
nature to us."
At the time of the outage, the LSE was updating internal
systems, which may have made the exchange vulnerable to attack,
according to the people familiar with the government
examination.
Like many companies, LSE contracts out software development to
third parties. Some of those in turn parcel out work to individual
developers. LSE technology managers have identified the security of
this development supply chain as an area of concern, according to a
person familiar with the LSE's operations.
A deal to combine LSE Group with rival Deutsche Börse AG was
blocked by regulators in 2017. The tie-up was in part aimed at
accessing Deutsche Börse's superior technology and pooling
resources to defray the cost of upgrades, according to a person
familiar with its technical operations.
In its latest annual report, the LSE said the risk associated
with cyberattacks on its institution had risen and identified
dangers posed by sophisticated malware and malicious actions from
contractors or vendors.
The LSE has suffered three outages since it implemented a new
trading system called Millennium Exchange in 2011. These occurred
in 2011, 2018, and 2019.
LSE Group announced Dec. 16 that its top technology executive,
Chris Corrado, will leave at the end of March. The company said he
is leaving to pursue other opportunities. Mr. Corrado declined to
comment.
LSE isn't alone in having suffered recent outages.
In September, Hong Kong Exchanges and Clearing said a bug in
third party software had led it to suspend activity on its
derivatives trading platform.
On Aug. 12, a key NYSE data feed suffered a technical glitch
that delayed end-of-day values for the Dow Jones Industrial Average
and the S&P 500.
In 2013, the Chicago Metals Exchange Group said it had suffered
a cyberattack, which didn't affect its operations.
Some observers say exchanges historically felt protected from
conventional cyberattacks, because they developed closed networks,
which were relatively isolated from the broader internet and did
much of their software development in house.
"Adoption of emerging technology and a growing reliance on
outsourcing means the era of truly closed networks is over," Monica
Summerville, director of fintech research for research and
consulting company TABB Group, said.
Write to Anna Isaac at anna.isaac@wsj.com
(END) Dow Jones Newswires
January 05, 2020 09:14 ET (14:14 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.
London Stock Exchange (LSE:LSEG)
Historical Stock Chart
From Aug 2024 to Sep 2024
London Stock Exchange (LSE:LSEG)
Historical Stock Chart
From Sep 2023 to Sep 2024