With the adoption of distributed ledger technology (DLT) expected to grow in financial services, the Depository Trust & Clearing Corporation (DTCC) published a white paper, “Security of DLT Networks”, that recommends establishing a comprehensive, industry-wide DLT Security Framework to review existing security guidelines, gaps in the approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an industry consortium to spearhead the endeavour.
According to the paper, the establishment of a DLT Security Framework would assist in the completion of risk evaluations across an individual firm’s security assessments via best practices and tools, such as risk management and oversight, cybersecurity controls, third party management, and incident and event management. It would also address important aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information. Additionally, it would provide security guidance and practices relating to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” says Stephen Scharf, chief security officer at DTCC. “DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation.”
To move forward, DTCC calls for a coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. The firm says it will leverage its unique role within the financial services sector to begin the conversation across the industry.
“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike,” adds Scharf.
To expand on the possible shortcomings of traditional IT security frameworks as applied to DLT, the DTCC paper evaluates the intersection between traditional and DLT-specific security considerations.
Financial Services DLT
DLT introduces a multitude of value propositions for the financial sector, says DTCC. At their core are strengthened identity measures, technical components for enhanced information preservation and maintenance of data integrity, processing efficiencies, operational capacity and scalability, and compliance effectiveness, according to the paper.
DTCC calls for a comprehensive and standardised approach to DLT security to ensure confidentiality, integrity and availability.
Identity and access management (IAM) encompasses the processes and technologies used by an organisation to authenticate and authorise an individual to access systems or services, it notes. Traditional IAM processes and technologies are vulnerable to loss, theft, and fraud due to the storage of personal information on centralised servers, which become primary targets for hackers. DLT provides the opportunity to strengthen IAM processes through the application of cryptography and decentralisation. This strategy is especially useful when and where the subject entity does not trust the verifying entity, but still has to prove to the verifying entity that it knows specific information. In a DLT scenario, this ability allows an entity to prove that its authenticating details fulfil certain requirements without revealing the actual details being requested.
DLT-specific security concerns relating to IAM generally surround the key management lifecycle, which is critical to the related lifecycle of an identity and its corresponding access privileges in a DLT environment.
Decentralisation also provides additional possibilities to strengthen IAM. In a distributed environment, entities may choose to retain control of their identity, as opposed to permitting their identity to be controlled by a third party. Assuming the user follows basic security protocols, this can be a more reliable form of identification and authorisation than requesting proof of identity from a third party provider who may have security gaps or vulnerabilities, says DTCC.
Digital ledgers provide an inherent level of security through their tamper-evident and tamper-resistant characteristics, says DTCC, which is a reason they are trusted for financial transactions. With DLT, tamper evidence is the ability to identify modifications, malicious or otherwise, to transaction records in the validation or post-validation processes, while tamper resistance is the difficulty of modifying past transaction records that have been validated and appended to a digital ledger.
Tamper-evident and tamper-resistant characteristics are established through the use of cryptographic hash functions, which are critical to the security and preservation of information being processed, stored and transferred in a DLT environment as they encrypt sensitive transaction information such as timestamps, which preserve the order, or history, in which transactions are appended to a digital ledger. They also encrypt digital signatures, which identify the parties involved in a transaction, as well as other sensitive information such as digital asset quantities and amounts, it notes.
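An added example, not taken from the DTCC paper or the original article: a minimal hash-chained ledger in Python showing how a digest over each record plus its predecessor's digest makes an edit detectable (tamper evidence) and forces every later entry to be re-hashed (tamper resistance). The record fields, the `GENESIS` value and the function names are assumptions made for illustration; the digest commits to a record's contents rather than concealing them.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry

def entry_hash(prev_hash, record):
    """SHA-256 over the previous entry's hash plus this record's canonical JSON."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def build_ledger(records):
    """Append records in order; each entry is linked to its predecessor's hash."""
    ledger, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        ledger.append({"record": dict(record), "prev": prev, "hash": digest})
        prev = digest
    return ledger

def first_invalid(ledger):
    """Index of the first entry whose link or digest fails to verify, else None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None

def entries_to_rewrite(ledger, index):
    """Entries that must be re-hashed before an edit at `index` verifies again."""
    return len(ledger) - index

# Constructed sample transactions (not real data).
SAMPLE = [
    {"ts": "2020-02-03T09:00:00Z", "from": "A", "to": "B", "qty": 100},
    {"ts": "2020-02-03T09:00:05Z", "from": "B", "to": "C", "qty": 40},
    {"ts": "2020-02-03T09:00:09Z", "from": "C", "to": "A", "qty": 15},
    {"ts": "2020-02-03T09:00:12Z", "from": "A", "to": "C", "qty": 5},
]

def demo():
    ledger = build_ledger(SAMPLE)
    clean = first_invalid(ledger)            # untouched chain verifies
    ledger[1]["record"]["qty"] = 9000        # edit a validated record in place
    edited = first_invalid(ledger)           # its stored digest no longer matches
    ledger[1]["hash"] = entry_hash(ledger[1]["prev"], ledger[1]["record"])
    rehashed = first_invalid(ledger)         # the next entry's link now breaks
    return clean, edited, rehashed, entries_to_rewrite(ledger, 1)

if __name__ == "__main__":
    print(demo())
```

Someone who re-hashes every trailing entry would pass this check on their own copy, so the chain alone only raises the cost of an edit. The independent copies held by other participants and the consensus rules are what make that rewrite hard to get accepted.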
Unlike traditional distributed databases, DLT incorporates the functionality of consensus mechanisms, mathematical algorithms that consist of validation rules that provide independent participants the ability to verify the validity and integrity of transaction records being proposed to a DLT environment’s digital ledger. The ability for independent participants to reach consensus on the current state of a digital ledger supports the maintenance of data integrity within an adversarial environment, notes DTCC.
Consensus mechanisms are primary targets for the exploitation of DLT environments. When successfully exploited, consensus mechanisms may function inappropriately, leading to unauthorised transfers of digital assets, unauthorised censorship of transactions, double-spending, or operational disruption to the transaction validation process, DTCC points out. Therefore, security must be considered at all stages of the DLT lifecycle including the design, development, implementation, and production. DLT-specific security considerations related to consensus mechanisms include consensus rule design, access management, separation of duties, deployment of consensus modifications, monitoring of consensus performance and prevention of attacks.
There is a range of consensus mechanisms that may be leveraged for DLT, each of which possesses common and unique security considerations and weaknesses. One often used by permissioned DLT environments is the federated Byzantine agreement (FBA), or distributed quorum. The FBA is a consensus mechanism where DLT environment participants assign trust to other participants who have been identified as trusted by the greater DLT environment. However, no matter the degree of trust assigned to participants, the environment is constantly at risk of rogue actors, warns DTCC. It is imperative that organisations operating with the FBA consensus mechanism take into account appropriate DLT-specific security considerations including KYC/AML procedures, participant lifecycle management, participant activity monitoring and reporting, and operational capacity and scalability monitoring to ascertain whether the DLT environment may support, or require, additional participants to adequately process transactions.
DLT is often promoted for enabling faster transaction settlement times, lower costs associated with transaction processing, enhanced transparency between transacting entities, potentially higher scaling capabilities than traditional databases and currencies, and the use of smart contracts for automation.
There are efficiencies to be obtained with the adoption of DLT, says DTCC; however, security considerations related to governance structure, DLT integration, operational capacity and scalability, legal risk, and data protection and privacy must be adequately addressed in order to achieve these efficiencies. To ensure operational resilience, organisations need to consider how their DLT environments’ transaction throughput and processing volumes are monitored to guarantee the environment maintains adequate capacity to process transactions during peak volume periods. Several factors must be considered, including the scalability of the environment, the number of active nodes, and the consensus mechanism used to process the transactions.
Compliance leaders in the financial industry are focused on assessing and enhancing their compliance effectiveness in response to the continuously evolving DLT and digital asset regulatory environment. DLT provides an opportunity to enhance this function by providing more accessible, transparent and secure data processing, increased transaction processing efficiency, multi-party transaction validation, and continuous monitoring of assurance capabilities, says DTCC.
Security considerations include design and execution strategy, timely response to issues, and readiness for regulatory change, says DTCC, noting that as DLT evolves, it is apparent that DLT-specific security considerations exist and require analysis from industry experts.
Security domains such as incident management, business continuity, and threat/vulnerability management should be considered for DLT. For example, business continuity planning for a centralised database has one set of characteristics and related controls, and a completely different set for a decentralised database. Given the irreversibility of DLT transactions, policies and procedures must also account for DLT-specific considerations such as immutability. These DLT-specific concerns can be extrapolated across all traditional IT security domains; therefore, it would be prudent for organisations to keep these differences in mind while evaluating the DLT-specific security domains such as wallets and smart contracts, notes DTCC.
There is no one-size-fits-all approach to DLT security, says DTCC. However, agreed-upon standards will prove invaluable to making such a framework possible, it says, and can play an important role in ensuring interoperability. As the technology develops and the number of DLT participants increases, many stakeholders will want to interact with and use other blockchain platforms that operate independently from their own. If each industry participant lays its respective DLT foundations in a silo, this synergistic result will be difficult to achieve, states the paper. Standardised terminology can also assist with the development of robust, easy-to-understand DLT security standards, it says.
Governance, and specifically data governance, is a critical security issue that often delays the adoption of new technologies like DLT, says DTCC. By establishing a principles-based framework, firms have the flexibility to identify potential security weaknesses in their implementations. Such a framework will also increase the likelihood that disparate DLT implementations from different organisations could be linked or otherwise exchange information. In addition, supervisors and regulators will have a consistent measure for understanding potential strengths and weaknesses in different DLT implementations.
Lastly, standards play a role in digital identity management and can foster end-user trust in the technology.
In creating a standardised approach, the financial industry has the opportunity to develop, share, reuse and continuously improve upon an approach to DLT security, says DTCC. As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted, it adds. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike.
In light of the speed of digital transformation within the financial services sector, DTCC calls for a coordinated strategy for the development of a principles-based framework to identify and address DLT-specific security risks. Because these risks may cross multiple critical infrastructure sectors, the coordinated strategy should be a cross-sector effort beginning with a conversation between the financial services sector, DLT providers and consumers.