Stephen Scharf, DTCC Chief Security Officer.
In 1962, Everett Rogers, an eminent American communications theorist and sociologist popularized the “diffusion of innovations” theory which explains how new ideas and technology spread. Included in this theory was the technology adoption life cycle, often referred to as the S-curve.
There are four stages which Rogers identified – innovation, syndication, diffusion and substitution – along with a typical period of hype early on, when a new technology is introduced. Only time will tell whether the hype around a new technology is justified, it is difficult to judge in the early stages whether the excitement is excessive.
Over several years, DLT has proven to be a good candidate for further adoption across the financial services industry, given the benefits the technology provides, such as strengthened identity measures, improvements in information preservation and data integrity, processing efficiencies and increased operational capacity. However, these value enhancements also come with security risks.
A number of guides, standards and best practices have been put forward to address DLT security concerns and these were recently highlighted in a DTCC white paper called “Security of DLT Networks.” The overarching message from the paper was that a reliable and comprehensive framework is needed around DLT security, irrespective of the use case and to promote long term adoption of the technology. By developing and adopting a principles-based framework, firms will be better positioned to identify potential weaknesses and regulators will benefit from a harmonized approach to evaluating DLT implementations.
We also underlined the importance of standards in the development of an industry-wide framework. DLT standards can:
- Ensure interoperability between multiple DLT projects which can reduce the risk caused by fragmentation within the industry ecosystem.
- Enable information sharing between industry participants, vendors, and market infrastructures, on the strengths and weakness of the technology which can increase in the speed of DLT adoption.
- Promote data governance.
- Help with digital identity management and in developing end-user trust in DLT.
To develop industry standards, four things need to happen. First, it is critical that industry participants collaborate in an open source environment, sharing best practices for DLT security. Second, we must collectively establish a temporary baseline for industry DLT security standard. Third, we must measure current baseline practices and identify potential areas for improvement. And finally, we must work toward industry agreement on security standards best practices, followed by wide adoption of the standards.
Given the current speed of digital transformation within financial services, we are advocating for a coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. As these risks apply across multiple critical infrastructures, these collaborative efforts must cross-sector and begin with a dialogue across the industry, including market infrastructures, DLT providers and market participants.
While DLT can provide many benefits to the financial services industry, the initial hype around it has been replaced by a more realistic view of the technology’s potential uses. Now, there is a general acceptance that, for DLT use to become more ubiquitous, progress needs to be made around a reliable and comprehensive security framework that further protects firms from risks and is based on industry wide standards. Once these measures are in place, DLT’s potential can be more widely realized.
This article first appeared in Fintech Futures on June 10, 2020.