The World Federation of Exchanges (WFE) on Wednesday in London published a set of cyber resilience standards designed to be used by WFE members and other market infrastructure providers to ensure alignment and common minimum standards across the global system.
The standards cover eight key areas:
Strategy & Framework: Effective cyber framework arrangements should be in place to establish, implement and review the approach to managing cyber risk.
Governance: There need to be appropriate lines of accountability, responsibility and cultural buy-in at all levels of an organisation regarding cyber resilience.
Risk Identification: To mitigate against new risks – in addition to monitoring existing ones – processes and business functions should be reviewed and updated regularly.
Protection / Controls: It is important to continuously evolve protection measures, such as security controls, systems and processes (including behavioural monitoring), to keep pace with market developments.
Monitoring & Detection: Strong detection controls and standards should be in place that are proportionate to the organisation’s relative size, systemic importance, risk tolerance and threat landscape.
Response & Recovery: Strategies should ensure that critical systems can be restored to full operation as soon as practicable, acknowledging conditions will vary.
Information Sharing: Organisations should seek to proactively share experiences, knowledge and expertise, and to cooperate and collaborate through industry groups, such as the WFE’s GLEX working group (see below).
Testing, Situational Awareness, Learning & Evolving: Arrangements must evolve with the changing threat landscape.
According to the WFE, the standards follow a set of cyber resilience principles (issued by the WFE on 23 September 2016) that authorities can take into account when implementing existing, or creating new, cyber standards for FMIs. In combination, the WFE principles and standards are intended to support and complement guidance already provided by global regulators.
WFE Chief Executive Officer, Nandini Sukumar, said: “Cyber is a top priority for the WFE and its members. We are committed to enhancing cyber resilience within the exchange and CCP industry, and are working together to stay on top of the issue. These guidelines serve as the building blocks upon which WFE members and other global market infrastructure providers can base their individual approaches to cyber.”