The exchange contracts development out to third-party teams, and a WSJ contact said it’s concerned about the security of that software chain. There’s a risk that the inadvertent spread of malware or rogue contractors could pose problems.

An exchange spokesperson maintained that the outage was due to a “technical software configuration issue” after an upgrade, and that the organization had “thoroughly investigated” the cause. However, it’s clear that GCHQ isn’t willing to take any chances. Intelligence agencies worldwide are worried about hacks targeting critical infrastructure, and malicious intent discovered here could be a sign of a greater threat.