
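Could GPS Hackers Cause the Next Flash Crash?

A Texas professor warns that satellite systems could be disrupted by “spoofing” attacks.

Financial Futures

Could the next big trading glitch come from the sky? An expert in satellite technology says it's possible, and he wants more traders and investors to be aware of the potential problem.

Todd Humphreys, a professor of aerospace engineering and engineering mechanics at the University of Texas at Austin, says the danger lies in the Global Positioning System of satellites. He argues that high frequency traders rely on GPS technology for accurate time signals to guide their trading strategies, but the system's rooftop receivers are vulnerable to jamming. He adds that GPS signals can also be the target of a hacking attack known as “spoofing,” which can send out false time signals and disrupt trading.

“GPS vulnerabilities represent a soft spot in our nation's financial system,” Humphreys said.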

To date, there have been no official reports of GPS technology jamming or spoofing impacting securities trading or the financial industry, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearing house for security updates, and the American Bankers Association. But that doesn’t mean such attacks couldn’t happen, considering our ever-widening dependence on GPS technology.

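GPS jamming and spoofing have already troubled many other industries and organizations that depend on the precise time and location data provided by the system's constellation of 31 satellites. In 2009, for example, the GPS guidance system at Newark Liberty International Airport was disrupted by a truck driver in the area who was trying to prevent his employer from monitoring his whereabouts. It took the airport several months to correctly identify the problem. Tests have shown that cellular networks that rely on GPS technology for precise timing can be spoofed, causing cell towers to block phone calls and 911 service. And in May of this year, South Korea complained that North Korea was deliberately jamming the GPS systems of South Korean airlines and the location data they provide to pilots, potentially putting them at risk.

So it is no surprise that there is some awareness of the potential vulnerability of the U.S. financial services industry, particularly high frequency traders.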

How exactly do traders use GPS technology?

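Global positioning satellites transmit precise time data to GPS antennas sitting at data centers, where many high frequency trading firms house their computer systems. The antennas relay this information to the firms' trading computers. These signals help properly guide a firm's high-speed trading algorithms, the software programs that execute trading strategies within a second. The time signal ensures that at every decision point in an algorithm, it has the correct time in relation to the data it receives from other sources. It also helps ensure that time stamps and time records are kept correctly. This allows trades to be sequenced correctly and time to be synchronized across the network. If an algorithm does not receive the correct time, the trading strategy may not run properly, the strategy may not be able to adjust or correct itself profitably, or the algorithm may stop working altogether.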

“If you mess with the timing of a GPS source, you could make it look like a price is going up rather than going down and impact real-time trading,” says Victor Yodaiken, CEO of FSM Labs, a provider of time synchronization software for high frequency trading firms.

The big danger, says Humphreys, is that when the algorithms employed by high-speed traders detect discrepancies in time data, they may stop functioning and create a liquidity vacuum, akin to what happened in the flash crash on May 6, 2010.

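“If I wanted to, my students and I could make money off of our knowledge of the vulnerabilities of GPS,” says Humphreys, who has built what Mark Psiaki, a professor of mechanical and aerospace engineering at Cornell University, has described as “the baddest” GPS hacking device known.

“Second, we could cause market chaos,” Humphreys asserts. “While I don't think we could cause a flash crash of any magnitude, we could cause a mini flash crash by GPS spoofing and scaring off high frequency traders.” Earlier in June, when he conducted a GPS spoofing demonstration for the U.S. Department of Homeland Security, Humphreys and his students were able to take control of a drone by sending false GPS signals.

In July Humphreys testified about GPS vulnerabilities before an oversight subcommittee of the House Committee on Homeland Security and said he believes most major exchanges are aware of the spoofing threat. He said that network services managers at the New York Stock Exchange, BATS Exchange and the London Stock Exchange had told him of precautions they take against GPS spoofing by employing backup timekeeping systems such as atomic clocks and network-based time systems. Such alternatives can kick in if the GPS-based time system acts strangely, provides time data outside normal parameters or stops functioning. A spokesman for the New York Stock Exchange said the company does not comment on security matters, but did say that its equipment is able to handle long GPS outages and uses a number of backup systems.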

Yet other parts of the markets, including high frequency trading firms, may be unprotected. “High frequency traders whose servers are co-located with the matching engines at major exchanges may be more vulnerable to GPS spoofing,” Humphreys told the House subcommittee. “Many co-located customers, distrustful of the exchanges’ system time, opt for the direct GPS feed.”

Humphreys says he has conducted tests at the University of Texas that showed GPS equipment used by some trading firms can be compromised. If that happens, those firms might leave the market en masse.

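So how has the industry responded? One high frequency trader scoffed at Humphreys's concerns, calling his warnings “super old hat.” He said high frequency traders know about the weaknesses of the GPS system and the need to use backup time systems. Although the trader acknowledged that it is possible to spoof GPS signals, he does not believe it would seriously affect trading activity.

Eran Fishler, director of algorithmic trading at a New York securities firm (纽约邦证券), points out that GPS jamming is illegal, which is a major deterrent. He also said that most high frequency firms have a variety of timing systems in addition to GPS technology. “My feeling is that this isn't a real problem,” Fishler said.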

Others are more wary. According to Roji Oommen, director of business development at Savvis Inc., a manager of 32 data centers, GPS vulnerabilities are “a well known theoretical risk,” and he welcomes the attention Humphreys has brought to the issue. “It’s quite possible that firms whose trading strategies are not quite so sensitive about time may not pay attention to these issues and may thus be vulnerable to GPS jamming or spoofing,” Oommen said. He hopes that the financial industry will become more vocal about best practices in this area and possibly create standards to ensure greater safety in systems that use GPS.

According to the Financial Industry Regulatory Authority and the Securities Industry & Financial Markets Association, no standards currently exist regarding the use of GPS-based technology within the industry.

Charles Barry, a serial entrepreneur who recently sold Brilliant Telecommunications, a network timing and synchronization firm, to Juniper Networks, says the possibility of GPS jamming and spoofing impacting financial firms is a legitimate concern now that jamming devices are so prevalent and spoofing is more widely known. “There is definitely a higher degree of risk,” Barry said. Although that risk can be mitigated, he questioned whether all trading firms have taken steps to contain the risk.

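Jennifer Bayuk, a security consultant to the financial services industry and director of the systems security engineering program at Stevens Institute of Technology, says a trading firm's overreliance on automated clocks based on GPS time can lead to multiple problems: the time of financial transactions may be stamped incorrectly, resulting in an incorrect audit trail of trades; counterparties may record different trade times; automated reconciliation processes may handle transactions outside their acceptable boundary conditions; and system servers may be spoofed into shutting down automatically.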

She recommends that firms install multiple timing systems.

According to Tim Klimasewski, director of marketing services at Spectracom, the firm has anticipated problems because of trading firms’ excessive reliance on GPS timing and now offers hybrid timing technology based on both GPS and Glonass time systems, the latter being the global navigation satellite system developed in Russia. “The idea is that you have two completely independent but complementary time systems in place so that if the GPS system goes out, gets jammed or spoofed, there is another, satellite-based system in place to provide accurate time,” he says. However, the firm has yet to see widespread adoption of such technology by trading firms. Alternatively, Symmetricom has recently introduced a new network-based time synchronization system, specifically designed for use by high frequency trading firms, described as enabling accurate time stamping of trade transactions and providing “nanosecond caliber accuracy.”

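So what does Professor Humphreys think trading firms of all stripes should do to guard against the possibility of GPS jamming and spoofing attacks? “They should build their systems to be very suspicious of GPS,” he says. That means using backup timing systems, cross-checking against non-GPS timing sources, and using special GPS receivers that regularly check for spoofing. “Unfortunately, that's not an easy thing to do because there isn't much commercial hardware that has enough paranoia built into it yet,” Humphreys says. “But at the very least, they should make use of redundant atomic clocks, and if the time drifts too quickly among them, that should raise an alarm.”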
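The cross-check Humphreys describes, sketched as an added example (not code from the article or from any vendor it names): GPS time is compared against the median of independent reference clocks, and an outage, a large offset, a fast-changing offset or disagreement among the references raises an alarm and latches the system onto its backup clocks. The thresholds, the `evaluate` function and the trace are assumptions constructed for illustration.

```python
from statistics import median

# Assumed tolerances for illustration; real limits depend on the clocks in use.
MAX_OFFSET_NS = 1_000        # GPS vs. the reference ensemble
MAX_DRIFT_NS_PER_S = 50      # how fast that offset may change
MAX_REF_SPREAD_NS = 200      # disagreement allowed among reference clocks

def evaluate(samples):
    """samples: (t_seconds, gps_ns or None, [reference_ns, ...]) per tick.
    Returns one (t, source, alarm) tuple per tick; alarm is None when healthy."""
    results, prev, latched = [], None, None
    for t, gps_ns, refs in samples:
        alarm = None
        if max(refs) - min(refs) > MAX_REF_SPREAD_NS:
            alarm = "reference-disagreement"   # backups themselves are suspect
        elif gps_ns is None:
            alarm = "gps-outage"               # jamming or receiver failure
            prev = None
        else:
            offset = gps_ns - median(refs)
            if abs(offset) > MAX_OFFSET_NS:
                alarm = "gps-offset"           # time outside normal parameters
            elif prev is not None:
                rate = abs(offset - prev[1]) / (t - prev[0])
                if rate > MAX_DRIFT_NS_PER_S:
                    alarm = "gps-drift"        # gradual pull-off, still in range
            prev = (t, offset)
        latched = latched or alarm  # once tripped, stay on backups until reviewed
        results.append((t, "holdover" if latched else "gps", alarm))
    return results

# Constructed trace: each value is a clock's error in ns against true time.
SPOOF_TRACE = [
    (0, 20, [5, -10, 0]),
    (1, 30, [6, -9, 1]),
    (2, 130, [6, -10, 2]),    # offset moves ~100 ns in one second
    (3, 230, [7, -10, 2]),
    (4, 1500, [7, -11, 3]),   # now outside the absolute limit
    (5, None, [8, -11, 3]),   # signal lost
]

if __name__ == "__main__":
    for row in evaluate(SPOOF_TRACE):
        print(row)
```

The drift check fires at t=2, while the GPS offset is still well inside the absolute limit, which is the case a simple range check would miss.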
