Search

CFTC advisory committee touches on cybersecurity

First meeting of Technology Advisory Committee since 2020 also covers defi, AI and crypto issues

22 March 2023

By

The US Commodity Futures Trading Commission's Technology Advisory Committee (TAC) held a meeting on 22 March, with cyber risk a major topic of discussion.

The first TAC meeting since December 2020 and the first meeting under the sponsorship of Commissioner Christy Goldsmith Romero, the wide-ranging meeting also touched on decentralized finance, the use of AI in financial markets, and digital identity issues.

"Cyber resilience requires planning and preparedness so that organizations are cybersecure by design," Goldsmith Romero said in her opening remarks. "Cyber resilience requires governance and attention from not only the chief information security officer's office but also the rest of the C-suite."

Cyber risk issues

Among areas of interest related to cyber risk, the TAC focused on the notion of cyber resilience by design, cyber incidence response planning, and cyber risks associated with cloud computing technology. There also was a brief discussion about the potential use of AI in cyber attacks.

Todd Conklin, deputy assistant secretary in the Office of Cybersecurity and Critical Infrastructure Protection at the US Department of the Treasury, outlined the current playbook for the private sector to engage with US regulators on cyber issues and related policy developments. He then shared some details around the recent ION Markets cyberattack, and related delays in post-trade processing.

Kevin Stine, a cybersecurity expert at the US National Institute of Standards and Technology, outlined the NIST cybersecurity framework and noted the importance of "a common language to help organizations talk about cybersecurity risk" both within their firms as well as with their peers and regulators. He also touched on NIST resources to help organizations identify "third-party entanglements," audit supply chain risks and identify points of concentration.

Stine also shared Treasury's strategic vision for supporting the resilience of the financial sector's use of cloud services, including the formation of a cloud services steering group operating in partnership with federal bodies including the Financial and Banking Information Infrastructure Committee (FBIIC) and Financial Stability Oversight Council (FSOC).

The TAC voted to re-establish its Subcommittee on Cybersecurity at the meeting. Members mentioned the importance of a focus on resilience in the subcommittee's work, including taking into account human error as well as cyber attacks.

TAC Chair Carole House, executive in residence at Terranet Ventures, also expressed a desire to explore "the extent to which the financial sector is sharing information" across firms and with regulators as well as efforts to identify "the right types of information" to share related to cyber risks and cyber incident responses.

Technology-focused TAC membership

The CFTC's advisory committees have no rule-making authority, but provide communication and guidance for the agency. Goldsmith Romero has publicly stated that under her sponsorship, the TAC will include more technology experts rather than veterans of financial markets. While major derivatives exchanges Cboe, CME and ICE Futures US are represented on the TAC, there are fewer traditional market participants on the committee than in prior years.

In Goldsmith Romero's opening remarks, the commissioner noted that the newly re-formulated TAC prioritizes "thinkers and builders and doers" as well as market participants to offer "a broad representation of stakeholder perspectives to build the best financial system."

"As the Commission and others make policy decisions on next generation technology, it is critical that we have a foundational understanding of the technology, and the specific implications for finance and law," she said. "For that reason, we have assembled Technology Advisory Committee members who are well-respected experts in the fields of cybersecurity, artificial intelligence, electronic trading, blockchain technology, and digital assets."

Of particular note in the cybersecurity discussion, it was specifically suggested to include an expert in coding to TAC discussions to offer deeper insights.

Looking forward to future priorities beyond cybersecurity, the TAC also voted at the meeting to establish a subcommittee on digital assets and blockchain technology as well as a subcommittee on emerging technologies.

Official statements and resources

 

  • MarketVoice
  • Industry Operations
  • News & Commentary
  • MARKETVOICE