ASEAN STOCK EXCHANGE DATA SECURITY SYSTEM

Young Engineers and Scientists (YES) Summit 2015 – Idea Book

ASEAN STOCK EXCHANGE DATA SECURITY SYSTEM

SUBCLUSTER : Information Security

Background of the Problem

The stock exchange plays many roles in the economy sector—such as raising capital for businesses, mobilizing savings for investment, facilitating company growth, and profit sharing. Also, it serves as the barometer of economy. As the barometer of economy, especially the ASEAN economy that is emerging right now, the stock exchange in ASEAN is already linked to the ASEAN Exchange. The ASEAN Exchange is a collaboration of the 7 exchanges from Malaysia, Vietnam (2 exchanges), Indonesia, Philippines, Thailand, and Singapore to promote the growth of the ASEAN capital market by bringing more ASEAN investment opportunities to more investors. The purpose of the trading link is to connect the security markets of the ASEAN exchanges, essentially making it just as easy for investors to trade in other ASEAN capital markets as if trading in their own domestic market. The major problems faced by this collaboration is that out of the ten (10) countries in the ASEAN community, only six (6) of them are active—Vietnam, Indonesia, Philippines, Singapore, Thailand, and Malaysia. The inactivity of the remaining countries makes creates a big problem for the collaboration of the ASEAN Stock Exchange market. Because stock exchange plays a key role in a country’s economy, one of the main issues is data security. Security of ASEAN Exchange is essential because the moment it collapses, it can make domino effect among the ASEAN countries and eventually, the world. In addition, securing a vibrant stock exchange can motivate the rest of the countries to join the ASEAN stock exchange. The damage that will be faced if a stock exchange is hacked in a single coordinated attack is that a hacker buys and sells millions of shares of a single company or multiple companies, causing trading to halt or decimating the value of a single stock. For instance, if 100 stocks of the top Fortune 500 companies will get harmed, then we will have a market collapse. Trading for the day would halt and uncalculated economic damage would be done. Because of that, building a strong data security network will protect and prevent the loss of millions of shares in ASEAN stock exchange market.

Current Condition (Supporting Data)

Several hacking incidents involving large stock markets have already occurred all over the world. As mentioned previously, the vulnerability of the current ASEAN Exchange may lead to the possiblity of getting involved in the same hacking incidents. Some of the most prominent hacking incidents will be given elaboration in this portion to be able to demonstrate instances on how a system hack basically works, and what have been done in response to such incidents.

Five years ago, a massive hack was done to NASDAQ, an American stock exchange. According to an article by Michael Riley from Bloomberg Business (2014), the means of the attack was by sneaking malware into the company’s internal servers. This has caused missile plans, chemical formulas, power-plant pipeline schematics, and economic data to be stealed. Right after the occurrence of the major incident, US experts analyzed the malware found, and apparently it was an attack code designed to cause damage. Nasdaq's own stock, which was up 0.8 per cent before the halt, closed down 3.4 per cent, after earlier trading down as much as 5.4 per cent. The exchange blamed a problem with distributing stock price quotes for the shutdown. Later on, series of investigations have been launched, but up to now, there hasn’t been any clear resolution to the incident. The attack on Nasdaq is far from the first time an exchange has been singled out by hackers. In a survey conducted for the World Federation of Exchanges report, 53 percent of all exchanges said they had experienced a cyberattack during the last year.

 Another major hack was done to Sony Pictures Entertainment last year. This involved the massive leakage of confidential data belonging to the said company. A malware software program was implanted into Sony’s computer infrastructure, and this has caused data erasure from the servers. Though Sony was warned beforehand of the attack, it was still inevitable. The hack was believed to be done by North Korea by the US, but cybersecurity experts have expressed doubt about such claims. Though there are two independent analyses of the incident, there are still not definite conclusion from the said attack.

From these instances, it is apparent that hacking may be predictable or unpredictable, but it is inevitable. Moreover, once an attack has been done, it impacts a massive damage onto the affected system. Though hackers don’t infect the victim’s servers or computers, important data are usually stealed.

Having these information presented, it shows that no matter how big or prominent a system is, apparently, it is still not secured enough. Thus, it is possible that these past hacking instances could also affect the ASEAN Stock Exchange, and a concrete action must be done to prevent or resist these unwanted attacks.

Ideas & Solutions

A report from Reuters in July 2013 found that 53% of the world's securities exchanges had experienced at least one cyber-attack in 2012. Most were simple denial-of-service or virus attacks—but they are getting better.

Cybercrime appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage. While there are safeguards such as market monitors and circuit breakers, this attack could happen quickly, rapidly, and across multiple fronts, laying waste to investor confidence and damaging the economy.

Measures can be followed in order to prevent and protect hacking in the ASEAN stock exchange. We need a framework that will integrate all processes in order to have a well secure stock exchange data around ASEAN Community, which is the ASEAN Stock Exchange Data Security System (ASEDSY). This system can be able to solve the problem of hacking and put preventive meansure for data security issues in the feature, because it fulfills the three aspects of information security—confidentiality, integrity, and availability (CIA). For confidentiality, it ensures that ASEAN countries can’t access each other’s data and then share it to other member states. In the case of  integrity, the system has a mechanism to encrypt data, backup data, control data access, input validation, and data validation. Finally, for availability, it can optimize performance when accessing data to make always available. The system has the following features:

Maintenance of data:

• Data storage: ASEAN Exchange stores data in data centre in each country. Each data is encrypted and each administrator has its own key, so an administrator from another country can’t access the data.
• Backup and recovery system: An internal server is to be regularly backed up—every day (for the internal server) and every month (outside server/other ASEAN country)—and recovery must be done if damage occurs.
• Performance optimization: The access performance must be optimized enough for us to keep the system up and running.

Monitoring:        

• Tracking and visualization security breach: It helps to investigate on the data breach and put in proactive measures to prevent further attacks in the future.
• Security breach prediction: Through research, it would be possible to detect anomaly activities on data accessing in the future.

Conclusions (Closing Statement)

In the future, we can have web seminars (webinars) to share current and future issues about data security. Also, before implementing this idea, there must a memorandum of understanding (MOU) amongst the ASEAN Community to agree on the same visions and missions to protect our stock exchange data.

In conclusion, for the future development of a well-protected data in the ASEAN stock exchange market, there must be collaboration amongst ASEAN countries and a summit must be organized amongst stakeholders to discuss the potential challenges and develop policies on data security issues.

BIODATA

Name                                      :           Ibrahim Musa

University                               :           Institut Teknologi Sepuluh Nopember (ITS)

e-mail                                     :           ibmusa1989@hotmail.com

Phone Number                        :           +6282234916831

Ambition                                :           Logistics Manager      

Name                                      :           Patricia Ann Marie Ortiz

University                               :           University of the Philippines Diliman

e-mail                                     :           patriciaannmarieortiz@gmail.com

Phone Number                        :           +639399236198

Ambition                                :           Electronics Engineer      

Name                                      :           Dinda Novitasari

University                               :           Brawijaya University

e-mail                                     :           id.dindanovitasari@gmail.com

Phone Number                        :           +6281331187561

Ambition                                :           Computer Scientist and entrepreneur

Name                                      :           Idsarut Sangsuan       

University                               :           Chulalongkorn University

e-mail                                     :           idsarut.ss@gmail.com           

Phone Number                        :           +668121881   

Ambition                                :           COO (Chief Operating Officer)

Name                                      :           Muhammad Herwindra Berlian

University                               :           Electronics Engineering Polytechnic Institute of Surabaya

e-mail                                     :           herwin@windowslive.com

Phone Number                        :           +6281939115544

Ambition                                :           CTO (Chief Technology Officer)     

Download Document : https://bit.ly/2DRRCus