September 9, 2011
For two years after the attacks of September 11, 2001, barricades lined the streets surrounding the New York Stock Exchange and pickup trucks loaded with sandbags blocked off traffic at seven intersections in the area. Uniformed soldiers bearing machine guns stood guard at key posts. Those barricades, decried as eyesores, came down in November 2003, replaced with more attractive steel fences. Streets were resurfaced with cobblestones. In place of the trucks came retractable posts and sculptured bronze blocks. The overhaul, which took until 2009 to complete and was financed with the help of $10 million from the Lower Manhattan Development Corporation, created a security zone without making the neighborhood look like a warzone.
Now, 10 years after the terrorist attacked that devastated part of Lower Manhattan, the Wall Street landscape has been transformed both literally and figuratively. The attacks, continuing technological shifts, and, of course, the financial crisis of 2008 have resulted in broad changes across financial markets — some plainly visible, others less so. And as those changes have taken place, the security concerns for the NYSE and Wall Street have evolved as well.
At the headquarters of the Big Board, those visible security measures still provide daily reminders of a changed world. But the NYSE itself has changed, too. The exchange, which had been a not-for-profit company at the time of the attacks, is now part of the for-profit, publicly traded NYSE Euronext, which posted $548 million in profits on $4.4. billion in revenue for fiscal 2010. And as market operators continue to consolidate, NYSE Euronext is itself in the process of being bought by Deutsche Börse AG.
Physical security, and geographic diversity, is still a prime concern. Lower Manhattan has become increasingly residential since 9/11, and many large financial firms have decamped for further uptown, in some cases moving certain operations out of New York City entirely. The NYSE’s home was not damaged in the 9/11 attacks and the exchange didn’t lose its trading capabilities that day. In fact, when trading resumed on September 17, the exchange handled a then-record volume of nearly 2.4 billion shares. But the attacks made clear that financial markets could be a target for terrorism.
In response, the New York Stock Exchange closed its visitor center and spent more than $100 million over the course of the next few years to improve its ability to prevent and recover from market disruptions. Within months of the attacks, the NYSE developed a backup trading floor, built at a cost of about $25 million, at an undisclosed location in New York City. That backup location could be open for trading within a day if the main trading floor is damaged, NYSE officials have said.
At the same time, the NYSE has also expanded outside the city. The exchange building in lower Manhattan may still be the symbolic heart of the global financial system, but the most critical functions of the exchange now take place at a 400,000 square-foot data center that opened last year in Mahwah, N.J. Dick Grasso, the former head of the New York Stock Exchange, recently made clear the extent of the transformation that’s taken place. “Lower Manhattan, as a processing site, is no longer key for the operations of the exchange,” Grasso said on CNBC in late August, in the aftermath of Hurricane Irene.
The trading floor of the Big Board is less important as a hub for transactions, says Professor James Angel of Georgetown University’s McDonough School of Business, who studies the structure and regulation of financial markets. “It’s not really a trading floor, it’s really a branding floor,” says Angel.
Those changes have been possible because, even before the 9/11 attacks, another key transformation was already well under way across the financial markets: The rise of computerized trading. That shift has only continued and accelerated in the years since 2001.
In August 2001, the New York Stock Exchange handled 83 percent of the trading volume in securities listed on the exchange, with transactions still done by humans shouting their buy and sell orders at trading posts on the exchange floor. Now, the NYSE handles just 25 percent of the volume in those stocks, according to Angel.
Those changes mean the threats to financial markets are now electronic as much as they are physical. Exchanges including the NYSE and Nasdaq and organizations such as the International Monetary Fund have faced—and continue to face—cyber attacks. Robert Greifeld, the CEO of the company that operates the Nasdaq, said recently that the exchange faces “constant attack” by hackers and would spend more on information security in 2011 because of those attacks. Regulators have been “leaning on the exchanges to make sure they’ve got bullet-proof cyber security,” says Georgetown’s Angel.
Since 2001, the Government Accountability Office, the investigative arm of Congress, has released a series of reports on the security of financial markets and their ability to prevent and recover from attacks and other disasters. In a March 2003 report titled “Additional Actions Needed to Better Prepare Critical Financial Market Participants,” the GAO noted that the exchanges, broker-dealers, clearing houses, and banks “made heroic and sometimes ad hoc and innovative efforts to restore operations” after 9/11. “However, the attacks revealed that many of these organizations’ business continuity plans had not been designed to address wide-scale events.”
By March 2007, though, the GAO found that market players were much better prepared and that key exchanges and market operators “have acted to significantly reduce the likelihood of physical disasters disrupting the functioning of U.S. securities markets.” The organizations studied all had geographically dispersed backup locations in place and had beefed up their physical and cyber security measures. (The 2007 report noted that several steps still needed to be taken for the markets to better withstand disease pandemics, but the recommendations in the report have since all been implemented.)
The rise of upstart electronic exchanges means that financial markets are much less vulnerable to disruption by problems at any one marketplace. But as technology changes, the digital threats are becoming more sophisticated. “Over the past decade, cyber attacks have evolved considerably in their complexity, diversity and overall volume,” says Tom Kellermann, chief technology officer for AirPatrol Corp. and co-author of the book E-safety and Soundness: Securing Finance in a New Age.
Earlier this year, exchange operator Nasdaq OMX admitted that it had detected suspicious files on its computer network in late 2010. Nasdaq said the hacking attack, which involved repeated breaches, did not target its trading systems but were aimed at a program called Directors Desk, which allows corporate board members and executives to exchange non-public information. The exchange alerted U.S authorities, but did not disclose the breach publicly until after a report about it appeared in The Wall Street Journal.
In response to the hacking, Sen. Robert Menendez (D-NJ) sent a letter to Securities and Exchange Commission Chairwoman Mary Schapiro expressing his concern about the vulnerabilities of American markets and suggesting that greater efforts need to be taken to protect against such cyber attacks. “Tech-savvy hackers breaching American exchanges may threaten the savings, pensions, and retirements of middle class families across the country,” Menendez wrote, “and it shakes the foundation of our markets that are just beginning to recover.”