Future of Finance

Could the next big trading glitch come from the sky? An expert in satellite technology says it’s possible, and he wants more traders and investors to be aware of the potential problem.

The danger lies with the global positioning satellite system, according to Todd Humphreys, a professor of aerospace engineering and engineering mechanics at the University of Texas at Austin. High frequency traders depend on GPS technology for accurate time signals to guide their trading strategies, but the satellite system’s rooftop receivers are vulnerable to jamming, he contends. GPS signals can also become the target of hacking attacks, known as “spoofing,” that can send out false time signals and disrupt trading, he adds.

“GPS vulnerabilities represent a soft spot in our nation’s financial system,” Humphreys tells Institutional Investor.

To date, there have been no official reports of GPS technology jamming or spoofing impacting securities trading or the financial industry, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearing house for security updates, and the American Bankers Association. But that doesn’t mean such attacks couldn’t happen, considering our ever-widening dependence on GPS technology.

GPS jamming and spoofing has plagued a host of other industries and organizations, which depend on the precise time and location data provided by the system’s constellation of 31 satellites. In 2009, for instance, GPS-guided systems at Newark Liberty International Airport were disrupted by a trucker in the area using a GPS jammer to prevent his employer from monitoring his whereabouts. It took the airport several months to correctly identify the problem. Tests show that cellular networks that rely on GPS technology for precise timing can be spoofed, causing cellular towers to block phone calls and 911 services. And in May of this year, South Korea complained that North Korea was intentionally jamming the South’s airline GPS systems and the location data they provide to pilots, potentially putting lives at risk.

It’s not surprising, then, that concerns have been voiced about potential vulnerabilities in the U.S. financial services industry, and in particular among high frequency traders.

How exactly do traders use GPS technology?

Global positioning satellites transmit precise time data to GPS antennas sitting atop data centers, where many high frequency trading firms house their computer systems. The antennas transmit this information to a firm’s trading computers. Such signals help to correctly guide a firm’s high speed trading algorithms, the software programs that execute trading strategies in fractions of a second. The time signals ensure that at each decision point in the algorithm, it has the correct time in relation to data it receives from other sources. It also helps to ensure that time stamps and time records are kept correctly. This allows for the proper ordering of transactions and time synchronization throughout the network. If the algorithm does not receive the correct time, the trading strategies may not function properly, strategies may fail to be adjusted or corrected in a profitable way, or algorithms may stop working altogether.

“If you mess with the timing of a GPS source, you could make it look like a price is going up rather than going down and impact real-time trading,” says Victor Yodaiken, CEO of FSM Labs, a provider of time synchronization software for high frequency trading firms.

The big danger, says Humphreys, is that when the algorithms employed by high-speed traders detect discrepancies in time data, they may stop functioning and create a liquidity vacuum, akin to what happened in the flash crash on May 6, 2010.

“If I were of a mind to, my students and I could make money off of our knowledge of the vulnerabilities of GPS,” says Humphreys, who has built what Mark Psiaki, a professor of mechanical and aerospace engineering at Cornell University, has described as “the baddest” GPS hacking device known.

“Secondly, we could cause confusion in the markets,” Humphreys insists. “While I don’t think we could cause anything the size of the flash crash, we could cause a miniature flash crash through GPS spoofing and the scaring away of high frequency traders.” Earlier in June, when he conducted a GPS spoofing demonstration for the U.S. Department of Homeland Security, Humphreys and his students were able to take control of an unmanned aerial drone by sending out false GPS signals.

In July Humphreys testified about GPS vulnerabilities before the Oversight subcommittee of the House of Representatives Committee on Homeland Security, and said he believed most major exchanges were aware of the spoofing threat. He said network service managers at the New York Stock Exchange, BATS Exchanges and the London Stock Exchange assured him they had taken precautions against GPS spoofing by employing back-up time management systems such as atomic clocks and network-based time systems. Such alternatives can kick in if a GPS-based time system acts oddly, provides time data outside of normal parameters or stops functioning. A spokesperson at the NYSE said the company did not comment on security matters but did say the company was equipped to handle long GPS outages and used a number of back-up systems.

Yet other parts of the markets, including high frequency trading firms, may be unprotected. “High frequency traders whose servers are co-located with the matching engines at major exchanges may be more vulnerable to GPS spoofing,” Humphreys told the House subcommittee. “Many co-located customers, distrustful of the exchanges’ system time, opt for the direct GPS feed.”

Humphreys says he has conducted tests at the University of Texas that showed GPS equipment used by some trading firms can be compromised. If that happens, those firms might leave the market en masse.

So what’s the response of the industry? One high frequency trader sniffed at Humphreys’s concerns, calling his warnings “super old hat.” High frequency traders know about the GPS system’s vulnerabilities and the need to employ backup time systems, he says. Although this trader acknowledged that it’s possible to spoof GPS signals, he did not think it could seriously impact trading activity.

Eran Fishler, director of algorithmic trading at Pragma Securities in New York, points out that GPS jamming is illegal, which serves as a major deterrent. He also says most high frequency firms have various timing systems in place, aside from GPS technology. “My sense is that it’s not a real issue,” Fishler said.

Others are more wary. According to Roji Oommen, director of business development at Savvis Inc., a manager of 32 data centers, GPS vulnerabilities are “a well known theoretical risk,” and he welcomes the attention Humphreys has brought to the issue. “It’s quite possible that firms whose trading strategies are not quite so sensitive about time may not pay attention to these issues and may thus be vulnerable to GPS jamming or spoofing,” Oommen said. He hopes that the financial industry will become more vocal about best practices in this area and possibly create standards to ensure greater safety in systems that use GPS.

According to the Financial Industry Regulatory Authority and the Securities Industry & Financial Markets Association, no standards currently exist regarding the use of GPS-based technology within the industry.

Charles Barry, a serial entrepreneur who recently sold Brilliant Telecommunications, a network timing and synchronization firm, to Juniper Networks, says the possibility of GPS jamming and spoofing impacting financial firms is a legitimate concern now that jamming devices are so prevalent and spoofing is more widely known. “There is definitely a higher degree of risk,” Barry said. Although that risk can be mitigated, he questioned whether all trading firms have taken steps to contain the risk.

Jennifer Bayuk, a security consultant to the financial services industry and director of the systems security engineering program at the Stevens Institute of Technology, says an overreliance on the part of a trading firm on auto-setting clocks based on GPS time, could cause multiple problems: The timing of financial transactions could be mislabeled, causing the audit trails of trades to be incorrect; counterparties might record disparate transaction times and automated reconciliation processes could process transactions that are outside their accepted boundary conditions while system servers could be spoofed into automated shutdowns.

She recommends that firms install multiple timing systems.

According to Tim Klimasewski, director of marketing services at Spectracom, the firm has anticipated problems because of trading firms’ excessive reliance on GPS timing and now offers hybrid timing technology based on both GPS and Glonass time systems, the latter being the global navigation satellite system developed in Russia. “The idea is that you have two completely independent but complementary time systems in place so that if the GPS system goes out, gets jammed or spoofed, there is a another, satellite-based system in place to provide accurate time,” he says. However, the firm has yet to see widespread adoption of such technology by trading firms. Alternatively, Symmetricom has recently introduced a new network-based time synchronization system, specifically designed for use by high frequency trading firms, described as enabling accurate time stamping of trade transactions and providing “nanosecond caliber accuracy.”

So what does Professor Humphreys think trading firms of all stripes should be doing to protect against the possibility of GPS jamming and spoofing attacks? “They should build their system to be highly suspicious of GPS systems,” he says. This means the use of backup timing systems, cross-checks of GPS time against non-GPS timing sources and the use of special GPS receivers that are regularly on the lookout for spoofing. “Unfortunately, that’s not an easy thing to do, as there isn’t much commercial hardware that has enough paranoia built into it yet,” says Humphreys. “But at the very least, they should be utilizing redundant atomic clocks, and if time is moving too swiftly on one of them, that should raise an alarm.”