Following the Attacks of 9/11, Wall Street Increased its Defences
While advances in technology have changed markets radically, some now worry cyberattacks pose a leading threat to trading operations
The nearly weeklong stock-market shutdown that followed the Sept. 11 attacks seems unimaginable in today’s world of round-the-clock trading.
During the past 20 years, advances in technology and broad efforts to bolster U.S. market infrastructure have made such outages rare. Last year, when the coronavirus pandemic led to plunging stock prices, record volumes and an abrupt shift to remote work on Wall Street, the stock market stayed open and its core systems operated largely glitch-free.
Yet some investors and officials worry that financial markets could still be crippled by an attack—one using sophisticated hacking tools rather than physical force.
“As we have digitized our lives, which has generally been a great blessing, we have sown the seeds for even greater destruction in terms of the ability to hack into our systems,” says former Securities and Exchange Commission Chairman Harvey Pitt, who led the agency on Sept. 11, 2001. “That is today’s equivalent of a 9/11 attack. There is a potential ‘black swan’ event every single day.”
The terrorist attacks on the U.S. 20 years ago showed the financial system’s vulnerability to physical destruction. When the Twin Towers collapsed and more than 2,000 people were killed, the financial industry’s critical communications systems were disrupted. The stock market stayed closed for four trading days—its longest shutdown since 1933—as crews worked to fix the damage. The bond market was closed for two days. Futures exchanges as far away as Chicago were shut temporarily as well.
In the years that followed, brokerages and exchanges moved many of their key systems out of lower Manhattan. Regulators pushed firms to do additional testing to make sure markets could stay open in a disaster.
The demise of old-fashioned trading floors also made markets less prone to physical attacks. In 2001, thousands of traders still flocked to the floor of the New York Stock Exchange daily. While the NYSE’s building wasn’t damaged, many phone lines and data links to the exchange were severed, and officials at the Big Board hesitated to let traders and other personnel back while the Ground Zero recovery effort was still under way.
Today, trading volume at the NYSE and other stock exchanges is overwhelmingly electronic, occurring in nondescript, tightly secured data centers in New Jersey. The NYSE, now owned by Intercontinental Exchange Inc., still maintains a trading floor. But its population is far smaller, and when the site closed for two months last year due to Covid-19, the impact was mostly symbolic.
“On 9/11, I couldn’t see how the markets could reopen. The entire nerve center for the financial markets was decimated,” says Eric Noll, a former Nasdaq Inc. executive who now leads investment firm Context Capital Partners LP. “Now it’s hard for me to imagine a situation where the markets wouldn’t open. A lot more resilience has been built into the system.”
The last time a disaster caused the stock market to close was in 2012, when superstorm Sandy led to a two-day shutdown. Although exchanges had backup plans ready ahead of the storm, banks and trading firms pushed for the closure out of concern that they weren’t ready to handle the NYSE’s contingency plan to close its floor and go all-electronic, The Wall Street Journal reported at the time.
Two years later, the SEC adopted a regulation that mandated coordinated, annual tests of exchanges’ disaster plans, among many other requirements. Exchange-industry veterans say the rule helped make trading mishaps less common and instilled confidence that markets would hold up the next time disaster strikes.
Still, vulnerabilities remain. Popular online brokerages such as Fidelity Investments, Robinhood Markets Inc. and Vanguard Group have suffered glitches since the onset of the pandemic, often when heavy traffic made their websites or apps inaccessible to customers.
The threat of hackers worries officials and Wall Street executives. In April, Federal Reserve Chairman Jerome Powell said in an interview with CBS that cyberattacks had become the foremost risk to the financial system, greater than the types of factors that led to the 2008 financial crisis.
A cyberattack on the financial system could shake investor confidence more than 9/11 did, says Jim Besaw, chief investment officer of GenTrust, a wealth management firm that manages $3.5 billion in assets.
GenTrust periodically stress-tests its portfolio to model the impact of an attack, Mr. Besaw says, adding that the firm’s worst-case scenario envisions markets closing for two weeks.
“If you had a widespread cyberattack, it would be a bit more uncertain when things would get back to normal,” he says. “That level of uncertainty could be damaging to markets.”