The Depository Trust & Clearing Corporation (DTCC), a global financial market infrastructure giant, says traditional IT security frameworks must be updated to tackle the blockchain.

An official press release on Feb. 12 took note of the expected rise in adoption of distributed ledger technology like blockchains in financial services globally.

The DTCC has published a new white paper, Security of DLT Networks, which recommends the creation of a comprehensive, DLT-specific Security Framework and, potentially, an Industry Consortium that would spearhead research into standards and guidelines for the sector.

New benefits, new risks

In its white paper, DTCC notes that at present, DLT in financial services is characterized by fragmented standards and guidance with respect to technology-specific security risks.

The industry giant recognizes that DLT implementation is poised to offer multiple actors a wide gamut of value propositions, notably “strengthened identity measures, improvements in information preservation and data integrity, processing efficiencies, increased operational capacity, and compliance effectiveness.”

Yet with these benefits come new risks, with better standards needed to ensure DLT interoperability, consensus around terminology, effective governance an robust digital identity management.

All financial industry stakeholders thus have an interest in contributing to the creation of a DLT security framework, the paper argues.

At the level of individual firms, DTCC notes, best practices should be established spanning risk management and oversight, cybersecurity, third-party management, and incident response.

Moreover, technology-specific considerations should be taken into account for the creation, maintenance, storage and disposal of sensitive data. These considerations would aim to bridge the security gap between DLT and legacy IT environments, and establish standard authentication methods with attention to the use of cryptographic hash functions.

In a statement, Stephen Scharf, chief security officer at DTCC, stressed the need for a coordinated strategy to develop industry-wide consensus:

“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike.”

Tackling DLT head on

As reported, this is not DTCC’s first foray into tackling the global policy standards it judges to be necessary for smooth DLT implementation in financial services. In March of last year, it published a white paper outlining guiding principles for the post-trade processing of tokenized securities.

Back in 2018, a DTCC-led study found that DLT is scalable enough to support daily trade volumes of the United States equity market. DTCC, moreover, itself has plans to replatform its Trade Information Warehouse with DLT.