Calls for coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks
New York/London/Hong Kong/Singapore/Sydney, February 12, 2020 ‒ With the adoption of distributed ledger technology (DLT) expected to grow in financial services, The Depository Trust & Clearing Corporation (DTCC), the premier market infrastructure for the global financial services industry, today published a white paper, Security of DLT Networks, that recommends establishing a comprehensive industry-wide DLT Security Framework to review existing security guidelines, gaps in the approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an Industry Consortium to spearhead this topic.
According to the paper, the establishment of a DLT Security Framework would:
- Assist in the completion of risk evaluations across an individual firm’s security assessments via best practices and tools, such as risk management & oversight, cybersecurity controls, third-party management, and incident & event management.
- Address key aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information.
- Provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC. “DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation.”
To move forward, DTCC calls for a coordinated strategy around the development of a principles-based framework to identify and address DLT- specific security risks. The firm will leverage its unique role within the financial services sector to begin the conversation across the industry.
“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike,” added Scharf.
Notes to Editor
DTCC encourages industry participants to contact them for more information on the white paper or to discuss the possible establishment of a Consortium. Emails should be sent to: DLTSecurity@dtcc.com.
With over 45 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From operating facilities, data centers and offices in 16 countries, DTCC, through its subsidiaries, automates, centralizes and standardizes the processing of financial transactions, mitigating risk, increasing transparency and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm simplifies the complexities of clearing, settlement, asset servicing, data management, data reporting and information services across asset classes, bringing increased security and soundness to financial markets. In 2018, DTCC’s subsidiaries processed securities transactions valued at more than U.S. $1.85 quadrillion. Its depository provides custody and asset servicing for securities issues from 170 countries and territories valued at U.S. $52.2 trillion. DTCC’s Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes over 14 billion messages annually. To learn more, please visit us at www.dtcc.com or connect with us on LinkedIn, Twitter, YouTube and Facebook.