Friday, February 11, 2011

Security lessons from the Financial world...

I'm getting caught up on some reading that I set aside until I had a gap.  Once again, an InfoWorld columnist has pointed out an IT security threat that can affect the SmartGrid.  In a nutshell, Bill Snyder (whose column is on the financial side of IT) points out that a sufficiently clever hacker could manipulate the financial markets, particularly the ultrafast transactions in high-frequency trading networks, in a way that would be exceedingly difficult to trace.

Our anti-hero wouldn't send a bogus transaction, pretend to be someone else, or any of the usual schemes.  All (s)he would have to do is diddle with network latency.  In some (nay, many) financial markets the phrase "seconds count" is outdated.  In these markets transactions delayed by milliseconds can make a difference of millions of dollars in the value of a transaction.  You don't have to take my word for it, since Bill Snyder points to both a cPacket Networks whitepaper and a previous InfoWorld Column that discusses an article in Physics Review E that suggests that the location of financial datacenters should take into account the latency that distance adds to speed-of-light communications.

The latter paper (titled "Relativistic statistical arbitrage") reads like what you would expect at the conjunction of physics, mathematics and economics, containing phrases like "Such slowing or stopping of the propagation of pricing information due to arbitrage is somewhat analogous to the refraction and  scattering of light by a dielectric medium, but novel in an econophysical context."

It's a dense read. It's also bleeping brilliant, and potentially deeply frightening.

Okay, so what does that mean for the SmartGrid world?  Ask any power engineer about what effect a few milliseconds change in latency lag would have on frequency regulation, particularly in an "event" scenario.  I'm not that imaginative, but I can see some clever soul with an ax to grind, a point to make, or a bundle of cash to make, playing "crack the whip" with spinning reserve.


For that matter, some enterprising soul could make a bundle in our bulk energy markets, if the transactions get dense enough.

Once again, security is not a product feature, it's a business mindset.

No comments:

Post a Comment