London, 20 August 2018 – The World Federation of Exchanges ("WFE"), the global industry group for exchanges and CCPs, has today published its response to the Financial Stability Board's (FSB) Cyber Lexicon Consultation.
The FSB's document - a draft glossary of common terms related to cyber security and cyber resilience - is intended to "support its work to protect financial stability against the malicious use of Information and Communication Technologies (ICT)". The WFE welcomes the work done on the lexicon, as it is helpful for the market infrastructure industry and all stakeholders to have a consistent set of terms.
The highlights of the WFE's response can be summarised as follows:
- The WFE believes the lexicon would be more effective, and consistent, if the definitions were anchored exclusively in two sources: i) the International Organization for Standardization (ISO), and ii) the National Institute of Standards and Technology (NIST), as these are the most distinguished sources for Technical, Risk Management, Cyber Security and Information Security standards.
- If other sources are to be used, it is important to ensure that the inclusion of terms from separate sources doesn't create a disjointed list.
- The WFE proposes some new terms and definitions for the lexicon, including: Threat, Authorisation, Resilience, Intrusion and Flaw Remediation.
- It suggests replacing the terms Campaign and Course of Action with Threat Objective and Threat Objective Lifecycle respectively, along with revisions to those definitions.
- The WFE also recommends alternative definitions for Penetration Testing and Situational Awareness, to more clearly define both of these terms.
- The WFE suggests that, in order to maintain the accuracy and efficacy of the lexicon, the FSB engages participants through regular consultations (perhaps every three years).
Nandini Sukumar, CEO, WFE said: "The WFE is pleased to work with industry stakeholders on such a fundamental piece of work. The area of cyber security and resilience is fraught with complexities and variations around terminology, therefore implementing a clearly defined set of common terms will allow market participants a greater ability to work in a coordinated manner across geographies, in the event of a regional or global cyber-attack. Furthermore, a common vocabulary can support the development of industry standards. We look forward to the refined and finalised lexicon being ready for the G20 meeting in Buenos Aires in November."
The WFE has published a range of whitepapers in the cyber resilience space, including best practice guidelines for cyber security compliance, and cyber resilience standards.
- Ends -
About the World Federation of Exchanges (WFE):
Established in 1961, the WFE is the global industry association for exchanges and clearing houses. Headquartered in London, it represents over 200 market infrastructure providers, including standalone CCPs that are not part of exchange groups. Of our members, 36.8% are in Asia-Pacific, 42.6% in EMEA and 20.6% in the Americas. WFE exchanges are home to nearly 45,000 listed companies, and the market capitalisation of these entities is over $82.5 trillion; around $81.8 trillion (EOB) in trading annually passes through the infrastructures WFE members safeguard (at end 2017).
The WFE is the definitive source for exchange-traded statistics, and publishes over 350 market data indicators. Its statistics database stretches back more than 40 years, and provides information and insight into developments on global exchanges.
The WFE works with standard-setters, policy makers, regulators and government organisations around the world to support and promote the development of fair, transparent, stable and efficient markets. The WFE shares regulatory authorities' goals of ensuring the safety and soundness of the global financial system, which is critical to enhancing investor and consumer confidence, and promoting economic growth.
The Global Exchange Cyber Security Working Group (the GLEX) was established in December 2013 to connect Information Security leadership amongst the world's leading financial exchanges and CCPs. The primary purpose of the GLEX is to facilitate information sharing. The GLEX is both a conduit for internal communication amongst its members and an externally-facing presence available for relevant third parties needing to address members of the GLEX. It also actively comes together to help shape policy-making through reactive and proactive measures, reaching common consensus positions amongst its members. In April 2017 the WFE – through the GLEX – published a set of cyber resilience standards designed to be used by WFE members, and other market infrastructure providers, to ensure alignment and common minimum standards across the global system. The GLEX meets once annually and also virtually - via teleconference or other facilities - on a quarterly basis. Cyber continues to be one of the WFE's six business priorities for 2018.
For more information, please contact:
Head of Communications, The World Federation of Exchanges
Phone: +44 20 7151 4137 / +44 7850 287 685