Decentralization key to infrastructure protection

Decentralized systems, such as those used by electronic communications networks (ECN) to trade securities, are a good model for protecting systems from catastrophic attacks such as Sept. 11, financial executives told a U.S. House subcommittee late last month.

“Currently we have a very high centralization” in security trading, said Kim Bang, president of Bloomberg Tradebook LLC, an electronic broker, and “I think it would behoove the industry to have more than one hub … and ECN, certainly, is a venue well suited.”

Appearing before the U.S. Subcommittee on Commerce, Trade and Consumer Protection, Bang and others testified on the impact of the terrorist attacks on communications infrastructure.

ECNs bring security traders together without a middleman; buyers and sellers meet electronically through private networks that can be located anywhere. Increased use of decentralized systems “could help in the future to absorb shocks,” said Joel Steinmetz, senior vice-president at New York-based Instinet Corp., which operates an ECN.

Internet traffic continued to flow following the terrorist attacks, and it’s the Internet-like structure of ECNs that drew the attention of the committee. “An ECN is not unlike the Internet in that it provides a platform that allows perfect strangers to enter from anywhere and meet in an anonymous environment,” said committee chairman Clifford Stearns.

A key problem that affected Instinet and other businesses after Sept. 11 was the destruction of Verizon Communications’ telecommunications facilities in lower Manhattan, knocking out phone service.

Catherine Kinney, a vice-president at the New York Stock Exchange Inc., said debate should focus on the issue of telecommunications connectivity “and ensuring that in the future there are alternatives and contingencies well planned for.”

“It’s critical to understand that disasters such as these are not averted by hardening a single point of failure,” said Steven Randich, CIO at Nasdaq Stock Market Inc. in Washington. “They are avoided by having resilience built into the network and backup connections and backup vendors. This is the key [IT infrastructure] lesson from this tragedy.”