GNSS vulnerabilities threaten the business continuity of global financial services

Timezone clocks showing different time

Written by Richard Hoptroff, Founder and Chief Technology Officer at Hoptroff

Detailed risk assessment plans must be meticulously drafted and cover the breadth of changing risks to safeguard business continuity.

For global financial services and other industries, an important risk is the increasing vulnerability of the global navigation satellite system (GNSS) and therefore, the global positioning system (GPS). An upcoming roundtable explores why this is so important for financial services and why they should consider complementary technologies for synchronised timing services.

All this begs a few questions, what currently binds the operations of global financial services with GNSS? And what risks does this dependency expose?

Why is GNSS important for global financial services?

As a vital component of the global financial market, GNSS provides positioning, navigation, and timing (PNT) services on a global or regional basis.

Global financial services conduct innumerable financial transactions, with microsecond precision, and rely on accurate timestamping to validate them, monitor compliance, and reduce fraud. GNSS helps to verify transactional jurisdiction and ensures timing is precisely synchronised and traceable to UTC – an imperative needed for consumer trust in financial markets. GNSS timing is also used to provide reliable data for financial analytics, an essential element in making informed decisions about investments and other financial activities.

Accurate and synchronised time is so important regulators have introduced the Consolidated Audit Trail (CAT) in the USA and Markets in Financial Instruments Directive II (MiFID II) in Europe to protect financial transactions and their stakeholders. These regulations demand a sub-second accuracy of 100 microseconds and 50 milliseconds respectively for financial transactions. Without sufficient accuracy, all the devices in a distributed process wouldn’t share the same time and the records they produce will put events in the wrong sequence and with incorrect intervals.

With synchronised time crucial for global financial services, it is no wonder why questions surrounding the vulnerabilities of GNSS are surfacing.

GNSS vulnerabilities

Increasingly sophisticated and targeted cyber-attacks, jamming and spoofing (deliberately transmitting false signals) disrupt GNSS signals and compromise the accuracy and reliability of the data underpinning financial trading and transactions. If a financial trade cannot be pinned to an accurate time, how can its price be verified? What if this were to happen with hundreds or thousands of automated trades?

For global financial services and traders operating in the cloud and conducting thousands of transactions a second, microsecond speed must be consistent throughout all platforms. Resilient, traceable, and most importantly, accurate clock synchronisation is key to avoiding the risk of cancelled agreements and transactions.

Any deliberate interference of GNSS signals has the potential to cause huge financial losses, operational disruption and reputational damage. CAT and MiFID II regulations mandate precise timestamping to mitigate these risks.

Critical Infrastructure and business continuity

In January 2020, the US introduced Executive Order (EO) 13905 to address concerns about the potential national security risks posed by the increasing reliance on GPS technology. They have instructed critical national infrastructure such as financial services, communications, healthcare, transportation and more, to find alternatives to GNSS for time synchronisation.

The US Department of Transportation (DoT) recognises these threats and is funding research into alternative solutions to minimise GPS dependency. It is suggested various technologies such as low earth orbit satellites (LEOs), and terrestrial broadcasting, could be used to complement the current GPS infrastructure and improve business continuity when GNSS signals are disrupted.

Those working in the timing industry mirror this position and recommend complementary timing solutions be considered for business continuity

“Businesses and financial institutions need to accept and start planning how they are going to mitigate the risks associated with GNSS,” said Tim Richards, CEO at Hoptroff. “Business and financial institutional decision-makers need to better understand the impact and disruption GNSS vulnerabilities can have on their bottom line and why they need to act now.”

Find out more about why time synchronisation is so important for the industry.

The risk assessment plan

A GNSS risk assessment plan should consider the potential liabilities associated with having business critical infrastructure overly dependent on satellite signals.

Strategies are needed to mitigate these risks. Companies should consider other PNT sources and how they complement their existing GNSS solution. How this will bolster operational resilience, and the response training needed for staff when faced with GNSS disruptions.

Hoptroff Traceable time as a service (TTaaS®) is a complementary timing solution used to safeguard against GNSS vulnerabilities. Hoptroff TTaaS® provides UTC time to 100-microsecond accuracy from multiple satellite feeds and a terrestrial source. Installed directly on the servers the software synchronises your local clocks enabling remote monitoring and reporting without the need for any clocks, hardware or GPS installation.

Summary

GNSS is a critical component of the global financial market, any disruption or failure of which could have a catastrophic impact on the global economy.

It is essential for global financial services to add GNSS to their risk assessment plans for improved business continuity. Assessing the potential risks associated with GNSS disruption or failure, and developing strategies to mitigate these risks through the use of complementary technologies is paramount. This might include the diversification of current timing solutions so global financial services are not solely reliant on GNSS.

To find out more about GNSS vulnerabilities and what financial services companies can do to mitigate the risks, register for GNSS the time is up, a livestream roundtable where senior leaders from across government, industry and global financial services will discuss what businesses need to know, consider and do to reduce the risk of GNSS dependency.

About Lisa Baker, Editor 2293 Articles
Lisa Baker is the Editor of Always Finance, and writes about Business, Finance Technology and Healthcare. Lisa is also the owner of Need to See IT Publishing.