With the adoption of distributed ledger technology (DLT) expected to grow in financial services, 存托信托 & 清算 Corporation (存), published a white paper, DLT网络的安全性, that recommends establishing a comprehensive industry-wide DLT Security 框架 to review existing security guidelines, DLT安全方法上的漏洞, 以及提高标准的必要性.
我们和比尔·伊佐坐了下来, 导演, 安全技术团队, 存, to learn more about the framework and the next steps to advancing the initiative.
Q. 什么是DLT安全框架?
BI: As DLT evolves, it is apparent that DLT-specific security considerations exist. The DLT Security 框架 is meant to address the differences between traditional IT security considerations and the new developments surrounding DLT-specific security considerations
第一个, the framework would assist in the completion of risk evaluations across an individual firm’s security assessments via best practices and tools, 比如风险管理和监督, 网络安全控制, 第三方管理, 和事件 & 事件管理. 第二个, it would address all aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, 维护, storage and disposal of sensitive information. 最后, it would provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.
Q. How did you come up with the idea for the framework?
BI: We started with an internal view of a DLT security framework that would standardize all our DLT and blockchain-related ventures within 存. We wanted a framework that would allow us to conduct repeatable security assessments and evaluations we could use internally that would make it a much more efficient process.
随着我们的进步, we came to realize that this initiative was bigger than just 存 and that the financial services ecosystem would benefit from a common set of rules around the security of DLT.
Q. Why does the industry need a DLT Security 框架?
BI: The increasing interest and outright adoption of DLT in the real-word is on the rise. We saw higher adoption rates in 2019 than in 2018 and we expect to see a similar trend in 2020. We are at the point where theoretical discussions have moved to applications, so we must have the proper risk controls and security protocols in place. It’s time to move past talking and start building the framework.
Q: What specific challenges are important to consider when considering DLT security?
BI: 我看到了三个关键挑战. The first hurdle in this type of effort is going to be creating a convincing business case to rationalize firms expending their members’ time and money on this initiative. We have to make the case that this is in everyone’s interest. The second challenge is going to be balancing the competing interests. Each group will have different perspectives and different priorities and we have to balance those priorities so that we meet as many of the needs of the different members. The final challenge is keeping pace with technology. This is a fast-moving and fast-evolving technology, 为了使框架具有相关性, it must keep pace with the rapidly evolving technology.
Q. What outcome(s) do you hope to see as a result of the white paper?
BI: The ideal outcome would be that all the different stakeholders in the consortium benefit from this initiative. For DLT提供者, it would be a value add to them that they are compliant with the framework. 对于大型咨询公司, the framework enhances their existing offerings built around DLT so they can certify compliance by providers. For banks, it gives reassurance they are secure and resilient. 最后, for the regulators, it’s twofold. They would have confidence that the global financial infrastructure is secure and provable.
Q. 下一步是什么? 我们如何继续前进?
BI: 第一个, we have to build interest from a number of groups to form the Consortium. 这是这篇论文背后的一个关键驱动力. We hope to build a consortium of the large banks, 经纪公司, DLT提供者, consulting firms and global regulators that will draft an outline of the framework – something we want to accomplish before year end.
It’s important to note we are not pitching this as a 存 service or product or even a 存-led initiative. 我们将成为平等群体中的一员. Structure will emerge and it will be highly dependent on who are the stakeholders. Each group will have different perspectives and want something different.
We encourage industry participants to contact us for more information on the white paper or to discuss participating in the Consortium. 电子邮件应该发送到 (电子邮件保护)