A paper published February by the Depository Trust & Clearing Corporation (DTCC) calls for a more coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. With the adoption of distributed ledger technology (DLT) expected to grow in financial services, the DTCC’s white paper, Security of DLT Networks, outlines recommendations for establishing a comprehensive industry-wide DLT Security Framework.
Established in 1999, the DTCC is a holding company that consists of five clearing corporations and one depository, making it the world’s largest financial services corporation dealing in post-trade transactions. In 2011, the DTCC settled the vast majority of securities transactions in the United States and close to $1.7 quadrillion in value worldwide, making it by far the highest financial value processor in the world.
The paper outlines the need for today’s organizations to review existing security guidelines, gaps in their approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an Industry Consortium to spearhead this topic.
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC. “DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation.”
According to the paper, the establishment of a DLT Security Framework would:
- Assist in the completion of risk evaluations across an individual firm’s security assessments via best practices and tools, such as risk management & oversight, cybersecurity controls, third-party management, and incident & event management.
- Address key aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information.
- Provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.
Many enterprises are beginning to pilot and deploy DLT technology. While many of these blockchain-based solutions are generally considered secure, as DTCC notes, they are not immune to security risks or regulatory constraints. Companies must begin to consider the security implications associated with the use of DLT as early on in the project as possible. If there’s one take away from the paper’s release, it’s a crude warning to organizations: take careful consideration of your DLT solution’s security before writing a single line of code.