The US Depository Trust and Clearing Corporation (DTCC), a major post-trade financial services firm offering clearing and settlement services to large capital markets, is considering establishing an industry consortium to formulate a joint strategy for dealing with security risks in the implementation of blockchain or distributed ledger technology (DLT) in the financial services industry.
The DTCC has released a white paper, entitled “Security of DLT Networks,” which suggests creating a complete framework to examine current security measures and guidelines, gaps in the approach to blockchain security, and the need to develop additional standards and best practices.
This type of framework, which could be led and managed by a DLT industry consortium, would be tasked with specifying guidelines for individual companies, addressing vital aspects of the blockchain key management lifecycle and the proper use of cryptographic hash functions, along with dealing with the security gap that exists between DLT and legacy IT platforms.
Stephen Scharf, chief security officer at DTCC, stated:
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets.”
Scharf also noted that DLT has great potential, however, like with any new technology, it comes with several major risks. Security measures and guidelines designed for legacy systems might not be enough, so it is vital that this issue be a top priority for any blockchain or DLT implementation.
Scharf said that the company is planning to leverage its position as a leading market infrastructure developer to start holding discussions regarding DLT security across the blockchain industry.
“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike.”