Saving Time
Synchronising & Securing Critical Infrastructure
Time has always been an important issue in financial trading, from the dating of ancient Mesopotamian trade records to the sub-40 microsecond latencies of today’s high-frequency trading (HFT) rooms.
Over that period, the story has been about ever increasing accuracy and synchronisation - time zones from the maritime explorations of the 18th century and atomic clocks beaming time signals from orbiting satellites since the late 20th century have established a level of accuracy that is more than adequate for most purposes. New generations of atomic and optical clocks are increasing the accuracy of time measurement to the extent that a second is now being redefined to an accuracy of one second in 30 billion years, compared to the one second in 158 million years of today’s clocks.
While accuracy of time measurement continues to improve along that path, the focus of attention for metrologists – people who define and refine measurement units and standards – is increasingly turning to the resilience of time as it is supplied to and consumed by nearly all critical national infrastructures in modern technological societies.
Let us assume that financial services are critical national infrastructures and take a look back on how the sector came to realise that accurate and reliable timing information is fundamental.
Just how fundamental became clear in the wake of the 2010 Flash Crash, where after forensic analysis, inconsistent timestamping practices were found to be a root cause. Subsequently, an official UK Government inquiry was setup, leading to the publication of the Foresight Review, which emphasised the need for high-resolution, traceable timestamps. Regulators, including what is now the UK Financial Conduct Authority (FCA) and the European Securities and Market Authority (ESMA) began the process of mandating accurate and auditable time-keeping.
Governments and regulators were not the only people interested in the recommendations of the Foresight Review: the National Physical Laboratory (NPL) in south-west London is where the UK’s time standard, known as Coordinated Universal Time – UTC(NPL) – is maintained using highly accurate atomic clocks, including caesium fountains and the latest optical clocks.
As Leon Lobo, head of the National Timing Centre (NTC) at NPL stated:
“The Review’s recommendation on the necessity of having high-resolution traceable timestamps caught our eye, and we started to engage with the FCA to understand what level of precision and accuracy was required. It was very strange in that there wasn't a clear answer at the time – as some people were talking about milliseconds, and some were talking about nanoseconds.”
Lobo and his colleagues realised that the whole world of high-frequency trading and low-latency infrastructures needed addressing – there was a whole range of different methodologies that people used to access accurate time and implement it, with the absence of standardisation. Lobo and his colleagues then began to work with ESMA on the matter. One of the results was the Regulatory Technical Standard 25 (RTS 25) requirement of MiFID II, which specifies the level of accuracy required of financial infrastructures and institutions engaged in trading activities – the first European regulatory timestamping standard.
In 2014, NPL took the significant step of launching a commercial product, NPLTime, delivering certified time services through fibre-optic cable directly to data centres and financial institutions, initially partnering with entities like TMX Group and ICE International Exchange. This service monitors and certifies the accuracy of time delivered to users, ensuring compliance with regulatory standards and providing resilience against potential disruptions.
That service, and others, are now widely embedded in the trading infrastructures of all major financial centres, and it is the need for resilience that now occupies the minds of Lobo and his NPL colleagues: the NTC R&D programme was launched in 2019 specifically to enhance national resilience in timing.
The initiative aims to create a resilient time source for the UK – Lobo describes it as “a fifth utility for the UK” – using diverse time sources and multiple methods of time transfer, including optical fibre networks and radio broadcasts like eLoran, a radio-based navigation system that is a fall-back for satellite navigation systems like GPS. This ‘system of systems’ approach is intended to ensure that critical infrastructures, such as telecoms, energy grids, and transport systems, have a reliable and secure source of time.
One of the issues to overcome is the reliance that all industries have placed on the GPS navigational satellite system. Because of its ubiquity it’s easy to forget that GPS – global positioning system – is just one satellite-based navigation system among several, and it is one that has a built-in unreliability problem: it was developed and is run by the US military, which can switch it off, or downgrade its accuracy, for other users anytime it wants.
However, that is the least of the problems that reliance on GPS creates. Since the Russian invasion of Ukraine, there have been many examples of denial of service – jamming – of GPS signals, causing problems for civilian airlines, and the occasional UK Defence Secretary. Increasingly it is also vulnerable to spoofing. The GPS system relies on the user receiver to process the time signals from the orbiting satellites using the time differences to calculate its position. The satellite signals are relatively low strength, and the receiver is designed to lock on to the strongest signals it can find, creating a scenario where a third-party can swamp the receiver with a stronger signal and effectively tell it that it is somewhere it is not.
“GPS is assumed to be always there, but it's vulnerable to denial of service, jamming and spoofing. In data centres like those in Slough, there's a vast array of GPS antennas because everyone uses them. If GPS is disrupted, what's the plan? GPS is effectively assumed to be there until it's not,” says Lobo. “There’s a lot of work done on cyber-security, but timing is often overlooked. Hostile state actors are not necessarily seeking financial gain but rather chaos and complexity across sectors. We're shifting from GPS to more resilient solutions like fibre-based networks and eLoran.”
The solutions proposed in the NTC plans generate their own challenges: how do you synchronise time-stamps that are delivered across different transmission media from separate locations? Clocks at both ends are synchronised, and timestamps are typically generated at the user end. The important element is that traceability of the timestamp back to the reference is embedded.
In some ways, the financial services sector is ahead of the game, as far as it has been working with a regulatory mandate to address the time-stamping issue far more than most industries. With the advent of the EU’s Digital Operational Resilience Act (DORA) this will take on a new importance, but how IT infrastructures secure time isn’t well thought through yet, with the issue falling between the stools of physical and cyber-security.
Moreover, says Lobo, people in all sectors are “yet to consider what could be done with signals better than GPS. We aim to raise awareness of what could be done differently or disruptively if that was available – the use of assured timestamps as a layer of trust in distributed ledger technologies, for instance.” Such an application could greatly enhance distributed ledgers, not just in clearing and custodianship models, but in their wider adoption in areas such as trade finance and smart contracts.
But, notes Lobo, as with the security issue, people and institutions don’t really think about time and timing very much: “It’s not on anyone’s agenda, so it’s really about raising awareness.”