08.21.2018

WFE Responds To Cybersecurity Consultation

08.21.2018

The World Federation of Exchanges (“WFE”), the global industry group for exchanges and CCPs, has today published its response to the Financial Stability Board’s (FSB) Cyber Lexicon Consultation.

​The FSB’s document – a draft glossary of common terms related to cyber security and cyber resilience – is intended to “support its work to protect financial stability against the malicious use of Information and Communication Technologies (ICT)”. The WFE welcomes the work done on the lexicon, as it is helpful for the market infrastructure industry and all stakeholders to have a consistent set of terms.

The highlights of the WFE’s response can be summarised as follows:

  • The WFE believes the lexicon would be more effective, and consistent, if the definitions were anchored exclusively in two sources: i) the International Organization for Standardization (ISO), and ii) the National Institute of Standards and Technology (NIST), as these are the most distinguished sources for Technical, Risk Management, Cyber Security and Information Security standards.
  • If other sources are to be used, it is important to ensure that the inclusion of terms from separate sources doesn’t create a disjointed list.
  • The WFE proposes some new terms and definitions for the lexicon, including: Threat, Authorisation, Resilience, Intrusion and Flaw Remediation.
  • It suggests replacing the terms Campaign and Course of Action with Threat Objective and Threat Objective Lifecycle respectively, along with revisions to those definitions.
  • The WFE also recommends alternative definitions for Penetration Testing and Situational Awareness, to more clearly define both of these terms.
    The WFE suggests that, in order to maintain the accuracy and efficacy of the lexicon, the FSB engages participants through regular consultations (perhaps every three years).

Nandini Sukumar, CEO, WFE said: “The WFE is pleased to work with industry stakeholders on such a fundamental piece of work. The area of cyber security and resilience is fraught with complexities and variations around terminology, therefore implementing a clearly defined set of common terms will allow market participants a greater ability to work in a coordinated manner across geographies, in the event of a regional or global cyber-attack. Furthermore, a common vocabulary can support the development of industry standards. We look forward to the refined and finalised lexicon being ready for the G20 meeting in Buenos Aires in November.”

You can read the full response here.

Source: WFE

Related articles

  1. Cyber-Criminals Target Wall Street

    The regulator's emails and email attachments were subject to unauthorized access.

  2. Cyber-Criminals Target Wall Street

    PQC aims to strengthen communication and data security as quantum computing advances.

  3. Wall Street Confronts Cyber Threats

    The DORA compliance deadline is just three months away.

  4. Quantum computing poses a major cybersecurity concern as it can break cryptography & encryption algorithms.

  5. Cyber Threats Mount

    The interruption of the dissemination of indices and market data has been solved.