Report: UK Says It’s Not Investigating LSE Outage as Cybersecurity Incident

The UK agency that advises the government on cybersecurity matters told a UK technology news site that it was not investigating the protracted London Stock Exchange outage last August as a potential cybersecurity incident, casting some doubt onto a recent Wall Street Journal report that stated the opposite.

The National Cyber Security Centre “has not treated the LSE outage as a cyber security related incident and has not investigated it as such,” an NCSC spokesperson told Computer Business Review.

The Journal report that said British intelligence was investigating whether the outage was a result of a cyberattack came Sunday and cited unnamed sources. The intelligence agency in question is the Government Communications Headquarters, which NCSC is a part of.

LSE has maintained that the outage was caused by an incident that came during a software update. An LSE spokesperson told the Journal that the company “has thoroughly investigated the root cause” of the outage and attributed it to a “technical software configuration issue following an upgrade of functionality.”

During a system update – a time of increased system vulnerability – is precisely when the government suspects the LSE’s systems could have been attacked, sources told the Journal.

The WSJ report raised concerns about growing reliance on third parties for software development by financial exchanges, which have traditionally been viewed as secure because they’ve typically used in-house technical staff only. As exchange operators strive to become more technologically advanced, they increasingly augment their capabilities with outside contractors.

Internally, LSE has identified “the security of this development supply chain as an area of concern,” a person familiar with the exchange’s operations, told the Journal.