FIA’s Walt Lukken announces Cyber Risk Taskforce after ION Markets ransomware

“Our goal is to avoid redundancy and ensure that if a similar incident occurs in the future, the industry will be better prepared and clearly coordinated in how to respond.”

Walt Lukken, President and CEO of the Futures Industry Association (FIA) spoke before the US Commodity Futures Trading Commission’s Market Risk Advisory Committee on 8 March 2023 in Washington, D.C. about the recent ION Markets cyber incident.

ION Markets is a software service provider that offers middle- and back-office products to a number of clearing firms that are active in futures markets, not only in the US but also in Europe, Asia-Pacific, and the rest of the Americas.

Those services are embedded in the execution and clearing workflow at these firms, and any disruption makes it difficult for firms to process their trades in a timely and efficient way.

FIA assisted firms in reconnection phase after February 6

According to his statement, FIA became aware of an outage at ION Markets impacting the trading and clearing of exchange traded derivatives in the early morning hours of Tuesday, January 31, London time, and immediately worked to identify the scope and impact of the outage.

“By roughly 7:30 a.m. Eastern Time, it became clear that this outage was significant and widespread. We also heard the first rumblings that this was not simply an outage, but possibly a cyber incident. Later that morning, FIA held a call with roughly 150 industry members from the Americas, Europe and Asia. We held three additional calls with members that first day, including an evening call with members in the Asia-Pacific region – many of whom were just waking up to news about the ION outage. Also on that initial day, once the severity of the outage had become clear, FIA contacted CFTC division staff to share what we had learned from our members and to highlight some potential regulatory challenges for the industry. We also reached out to the National Futures Association and key non-US regulators to inform them of the same”, Walt Lukken stated.

FIA continued holding regular calls to coordinate with its global membership – clearing firms, exchanges, CCPs, service providers and some regulators – over the course of that week, with calls growing from 150 invited participants to more than 700 individuals from around the world by week’s end.

According to Lukken, these calls were critical for the sharing of important information amongst market participants to keep the markets open and functioning and allowed FIA to expedite requests and dialogue with the CFTC, NFA, and other global regulators around necessary regulatory relief.

It is the understanding of FIA that firms utilizing ION’s software suite are now back to business-as-usual operations, he continued, as ION was able to accelerate the recovery by February 6 and rebuild its systems over the weekend. FIA assisted firms during the “reconnection” phase of by sharing industry protocols and best practices for reconnecting systems.

FIA President praises NFA, exchanges and clearinghouses for deadline flexibility

FIA’s President took the opportunity to highlight the importance of flexibility and communication during a crisis, and praise exchanges and clearinghouses from around the globe, from Australia to North America for their flexibility in extending deadlines. “The Commission and National Futures Association also deserve credit for their direct engagement with market participants throughout this crisis, and the flexibility afforded to some of the reporting requirements for registered entities. These actions reduced stress when the markets were most vulnerable without adding risk to the markets”.

To prevent future incidents, the association has formed a global Cyber Risk Taskforce to look at the ION event and to develop recommendations for improvements to our markets.

“This taskforce will focus on several areas including existing cyber protections and protocols, the effectiveness of the industry’s initial response, best practices around reconnection, and safeguards around third-party service providers. We aim to release an initial report by the second quarter of the year. Many CFTC registrants are already subject to cyber requirement rules through NFA and through prudential and other regulatory regimes.

“Our task force will catalogue these existing requirements and determine whether additional measures are needed to strengthen our industry’s resilience. Our goal is to avoid redundancy and ensure that if a similar incident occurs in the future, the industry will be better prepared and clearly coordinated in how to respond.”

ION Markets incident was ransomware attack by Russian-linked LockBit gang

The cybersecurity event was a ransomware attack that forced several European and U.S. banks to revert to manual processes. A memo from Ion obtained by Bloomberg confirmed the attack was the work of the Russian-linked LockBit ransomware gang, who claimed responsibility for the attack and is threatening to leak data stolen from the company on February 4 unless a ransom demand is paid.

Bloomberg reported that the attack affected at least 42 of Ion’s clients and forced several European and U.S. financial institutions to process some derivative trades manually.

The CFTC commented at the time of the cyber incident, admitting that the submission of data that is required by registrants will be delayed until the trading issues are resolved.