The Depository Trust & Clearing Corporation has published a paper, Security of DLT Networks, that recommends establishing a comprehensive industry-wide DLT Security Framework to review existing security guidelines, gaps in the approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an industry consortium to spearhead this topic.

According to the paper, the establishment of a DLT Security Framework would:

Assist in the completion of risk evaluations across an individual firm's security assessments via best practices and tools, such as risk management & oversight, cybersecurity controls, third-party management, and incident & event management;

Address key aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information;

Provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.

"With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets," said Stephen Scharf, Chief Security Officer at DTCC.

"DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation."

To move forward, DTCC calls for a co-ordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. The firm says it will leverage its unique role within the financial services sector to begin the conversation across the industry.

Added Scharf: "As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike."

How do I enable cookies in my browser?

Internet Explorer
1. Click the Tools button (or press ALT and T on the keyboard), and then click Internet Options.
2. Click the Privacy tab
3. Move the slider away from 'Block all cookies' to a setting you're comfortable with.

Firefox
1. At the top of the Firefox window, click on the Tools menu and select Options...
2. Select the Privacy panel.
3. Set Firefox will: to Use custom settings for history.
4. Make sure Accept cookies from sites is selected.

Safari Browser
1. Click Safari icon in Menu Bar
2. Click Preferences (gear icon)
3. Click Security icon
4. Accept cookies: select Radio button "only from sites I visit"

Chrome
1. Click the menu icon to the right of the address bar (looks like 3 lines)
2. Click Settings
3. Click the "Show advanced settings" tab at the bottom
4. Click the "Content settings..." button in the Privacy section
5. At the top under Cookies make sure it is set to "Allow local data to be set (recommended)"

Opera
1. Click the red O button in the upper left hand corner
2. Select Settings -> Preferences
3. Select the Advanced Tab
4. Select Cookies in the list on the left side
5. Set it to "Accept cookies" or "Accept cookies only from the sites I visit"
6. Click OK

The Depository Trust & Clearing Corporation has published a paper, Security of DLT Networks, that recommends establishing a comprehensive industry-wide DLT Security Framework to review existing security guidelines, gaps in the approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an industry consortium to spearhead this topic.

According to the paper, the establishment of a DLT Security Framework would:

Assist in the completion of risk evaluations across an individual firm's security assessments via best practices and tools, such as risk management & oversight, cybersecurity controls, third-party management, and incident & event management;

Address key aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information;

Provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.

"With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets," said Stephen Scharf, Chief Security Officer at DTCC.

"DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation."

To move forward, DTCC calls for a co-ordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. The firm says it will leverage its unique role within the financial services sector to begin the conversation across the industry.

Added Scharf: "As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike."