
Financial market infrastructures (FMIs) depend on the use and trust of data. To operate effectively, FMIs must ensure that their data is secure and intact.

In 2019, CPMI-IOSCO sought closer engagement with the industry on this important topic by creating an independent Data Protection and Validation industry working group (IWG) to evaluate how this issue impacts FMIs.

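The IWG had representatives from six firms: DTCC, Reserve Bank of Australia, Euroclear, Wall Street Journal, Federal Reserve Bank of New York and TMX. The group's work resulted in a white paper, Cyber Threats and Data Recovery for FMIs, which explores options that firms should consider as they bolster their capabilities, including data recovery, reconciliation, and replay.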

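Recently, DTCC Connection sat down with Rachel Taylor, DTCC Executive Director, Business Resilience, who chaired the working group, to discuss the white paper and its key findings.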


DC: What was the impetus behind the creation of the Data Protection and Validation IWG?

Against the backdrop of a rise in the number and level of sophistication of cyberattacks, in 2016, the CPMI-IOSCO Working Group on Cyber Resilience (WGCR) released Guidance on Cyber Resilience for Financial Market Infrastructures to provide direction on how to plan for and recover from cyber threats.

A few years later, the WGCR sought closer engagement with the industry, and sponsored an independent group of FMIs to come together to look at how keeping data intact impacts FMIs.

DC: What were the goals of the IWG?

RT: The IWG was tasked to identify opportunities to better protect financial market infrastructures’ data as the cyber threat landscape continues to evolve. The group had four objectives:

  • Categorize the different types of data that need to be protected and the potential impacts of a data event.
  • Explore and document current practices and challenges with respect to data recovery options for a range of high-level data scenarios.
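  • Identify leading and emerging practices with respect to data protection and validation methodologies, as well as potential strengths and weaknesses.
  • Identify priority areas for future industry collaboration; in other words, are there opportunities to promote reconciliation and replay capabilities within the industry.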


RT: The analysis produced some key findings. First, the IWG wanted to acknowledge the two-hour recovery time objective (RTO) as documented in regulatory guidance. But when dealing with data integrity issues, there is a trade-off between speed of recovery and accuracy of recovery, and these decisions depend heavily upon an FMI’s individual legal and operational environment. So, while two-hour recovery from a cyber-attack is still a target, the paper recognizes there are instances where two-hour RTO cannot be met.

A second key finding focuses on the differences between an outage caused by a physical event versus a cyber event, which is an entirely different attack vector. Recovery capabilities built to manage physical and other non-cyber outages are not as effective in maintaining data integrity in the face of a cyber-attack.

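Another finding centers on the interconnectedness of firms, a topic that is very much on the minds of DTCC and the financial industry generally. The connections between firms, and the use of computer systems for processing, increase the possibility that a data impact at one firm can quickly spread to others, causing a contagion effect.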

DC: What opportunities for FMIs did the IWG find based on its analysis?

RT: The paper identified several areas of opportunity for FMIs.

First, the IWG inventoried potential data recovery and reconciliation tools and concluded that there is no silver bullet or one-size-fits-all solution for FMIs. Firms must identify tools that are most harmonized with their individual objective(s) and implement solutions based on what best suits their own needs and timeline.

Second, it is helpful for FMIs to define logical restore points, which are points in time that the industry can revert back to if data is destroyed or corrupted in such a way that it can’t be trusted. FMIs should work with their participants and the larger community to identify restore points that make sense for their business, so that if an issue occurs, time is not wasted determining the last data point.

Finally, it is important to understand legacy technology. FMIs should regularly conduct a comprehensive evaluation of their applications to understand any critical interdependencies and identify opportunities for enhanced resiliency as technology evolves.


DC: What opportunities for industry collaboration did the IWG find based on its analysis?

RT: One opportunity is for the private and public sectors to work together to create design principles for housing critical data sets in data bunkers and third-party sites. While some FMIs currently use third-party sites or off-premise data bunkers to serve as a recovery tool in data impact scenarios, this practice is not common. The IWG found that the lack of established best practices around design principles is a key factor for limited usage of off-premises bunkers or third parties.

Another opportunity is around guidelines for minimizing contagion. During its work, the IWG could not identify a consistent approach among FMIs for determining scenarios where it may be appropriate to disconnect or reconnect the FMI from an external endpoint to prevent contagion. Given the interconnected and global nature of firms, regulatory dialogue on this issue would be beneficial as well, and would help establish consistency across jurisdictions, where appropriate.

Other opportunities explored in the paper include the use of a common standard to evaluate entities that contribute to the ecosystem, either as providers or as clients, and utilizing an independent central coordinating-party to conduct industry-wide cyber exercises.
