DTCC is calling for a cross-sectoral, coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks.
DTCC has published a new white paper calling for the establishment of a comprehensive industry-wide DLT Security Framework.
DLT (distributed ledger technology) provides a variety of value propositions for the financial industry, however they come with a variety of security risks, the paper says.
To address security issues, firms have been applying traditional IT security frameworks to DLT. While there is some overlap between traditional and DLT-specific security considerations, DTCC says the gaps are also widely apparent.
To address these gaps, the industry needs an agreed-upon framework, the paper says, adding that it would also serve as a baseline to review existing security guidelines for DLT-specific risks.
Such a framework would help to evaluate DLT security assessments at individual firms in areas where DLT-specific issues exist – such as risk management and oversight, cybersecurity controls, third-party management, and incident and event management.
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said DTCC chief security officer Stephen Scharf.
“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike.”
To move forward, DTCC calls for a cross-sectoral, coordinated strategy around the development of a principles-based framework to identify and address DLT- specific security risks.
Read the full whitepaper here (download).