We are not convinced that non-public data and PII will be safeguarded properly if measured against our suggested minimum requirements (please see Table 1 of our Novemcomments). The trading and investment communities are concerned that User Defined Direct Query and bulk extraction increase the vulnerability of data being misused for impermissible purposes. The CAT NMS Plan failed to address the following causes for potential information leak: Membership Inference Attacks, Reconstruction Attacks, Property Inference Attacks, and Model Extraction. It lacks scenario planning to counter different implementation of attacks (Centralized/ Distributed Learning). CAT must up its game for security protection against infiltration and foreign adversaries or else it could become a threat to National Security. capital market, which trades in trillion dollars daily. An insecure and breached CAT can cause the destabilization of the U.S. Additionally, the Director of National Intelligence has warned about China and Russia being the biggest threats to the U.S. NOT a hypothetical “ black swan” cyber breach. The Central Intelligence Agency – Edward Snowden case is a prime example, i.e. Hackers do not necessary come from outside compromised internal executive(s) and staff(s) and contractors may pose even higher dangers because of potential cover ups and abilities to profit off any stolen data. Data-vault, data-lake, and ‘golden source of data’ are indeed attractive targets for hackers to treasure hunt. The outdated design of CAT with all the non-essential data ‘at-rest’ and ‘in-motion’ makes it more vulnerable to security threats than modernized RTAP. Prior to addressing these wastages, it is unfair and premature to ask for funding of this CAT. Timely action in curbing potential abuse, protecting investors, and/or regulating an abnormal market event is missed. ![]() “T+5 days” regulatory access means unproductive idle time. Nevertheless, real-time or velocity of data serves to provide higher value than veracity of data during a ‘market crash’. ![]() Real-time analytic platform (RTAP) and modern techniques could be applied closest to the original source of the data to avoid the multiplicity of storage and data protection costs. Data is redundantly stored at industry members’ systems and at the CAT system and then is regurgitated in bulk to CAT participants’ systems, all causing significant wastages. When data is ‘at-rest’ rather than ‘in-use’, it serves no value other than one has to pay for storage of the data. In particular, frequent transmittal of data in-and-out and within CAT, unnecessary data-in-motion traffic, is wastage and more susceptible to defects. Not only in terms of building and on-going operating costs, but it also introduces huge wastages and is non-environmental friendly according to Six-Sigma. The CAT project is outsized and is a Money Pit. A good decision, made now and pursued aggressively, is substantially superior to a perfect decision made too late. Analysts need sensors, not an encyclopedia. ![]() By the time a common standard is adhered, the value of the data will subside to almost worthless within the context of market surveillance. It will take “forever” to come up with a “golden” unified “single source of truth”. The CAT’s technical design since 2012 as a golden-source while well intended (or a “gigantic data-vault”) is out-of-date. Indeed, have mercy on them because every constituent (including industry members) seems individually bound to achieve the following goals concurrently: (a) fulfill the SEC’s mandate to regulate/ promote the safety and soundness of market, (b) the public interest – address the civic concerns about Massive Government Surveillance, (c) uphold and the continue pursuant of National cybersecurity and privacy protection best practices, and (d) comply with the Fourth Amendment of US Constitution, the Department of Justice’s latest edition of the Privacy Act of 1974 and other applicable laws and new bills introduced recently. ![]() FINRA, CAT LLC, and the Exchange Groups). We argue against the limitation of liability proposal and the revised funding model NOT BECAUSE we have any dislike for the CAT processor and its participants (i.e. We praise the honorable goals of the Consolidated Audit Trail (CAT) as a means to prevent future flash crashes and in doing so allow the SEC and other market regulators to “ rapidly reconstruct trading activity and quickly analyze both suspicious trading behavior and unusual market events”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |