Presentation is loading. Please wait.

Presentation is loading. Please wait.

Open Source Operational Risk

Published byGinger Lucas Modified over 6 years ago

Similar presentations

Presentation on theme: "Open Source Operational Risk"— Presentation transcript:

1 Open Source Operational Risk
Should Public Blockchains Serve as Financial Market Infrastructures? Angela Walch Associate Professor St. Mary’s University School of Law Research Fellow, UCL Centre for Blockchain Technologies Blockchain Protocol Analysis & Security Engineering Stanford Cyber Initiative January 26, 2017

2 Blockchain Protocol Analysis & Security Engineering 2017
Main Questions How do common practices from “grassroots” open source software generate operational risks for public blockchains? Are these risks ok for financial market infrastructures? Blockchain Protocol Analysis & Security Engineering 2017

3 Blockchain Protocol Analysis & Security Engineering 2017
How We’ll Proceed Background on critical nature of financial market infrastructures and practices global regulators see as important in ensuring their uninterrupted operation. Discussion of how common practices from grassroots open source software generate operational risks for public blockchains. Blockchain Protocol Analysis & Security Engineering 2017

4 The “Beating Heart” of Finance
Blockchain Technology Blockchain Protocol Analysis & Security Engineering 2017

5 Blockchain Protocol Analysis & Security Engineering 2017
Operational Risk The risk that deficiencies in information systems or internal processes, human errors, management failures, or disruptions from external events will result in the reduction, deterioration, or break-down of services provided by the [financial market infrastructure]…includ[ing] physical threats, such as natural disasters and terrorist attacks, and information security threats, such as cyberattacks. Further, deficiencies in information systems or internal processes include errors or delays in processing, system outages, insufficient capacity, fraud, data loss, and leakage. (Federal Reserve) Blockchain Protocol Analysis & Security Engineering 2017

6 Principles for Financial Market Infrastructures
Principle 17: Operational risk: An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to have a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. (PFMI 2012). Blockchain Protocol Analysis & Security Engineering 2017

7 Blockchain Protocol Analysis & Security Engineering 2017
Principle 2: Governance: An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Blockchain Protocol Analysis & Security Engineering 2017

8 Blockchain Protocol Analysis & Security Engineering 2017
Principle 3: Framework for the comprehensive management of risks: An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Blockchain Protocol Analysis & Security Engineering 2017

9 Grassroots Open Source Software
How software development is governed. How software development is funded. The forking feature. Blockchain Protocol Analysis & Security Engineering 2017

10 Decentralized, Undefined Governance
No official responsibility/accountability to keep software operational. No one is the official “decider.” Unacknowledged Centralization of Power Unaccountable Unchecked Lead to  Paralysis/Delay in fixing code. Blockchain Protocol Analysis & Security Engineering 2017

11 Problematic Funding Model
Grassroots OSS development generally uncompensated. Inadequate care of critical OSS projects? Heartbleed / Core Infrastructure Initiative / Mozilla’s SOS Bitcoin had luxury of low-stakes youth. No one is low-stakes now. Experiments in funding: Pre-sales, Tokens, ICOs. Private Companies / Sponsorships Conflicts of Interest? How stable is funding source long-term? Are consumers protected? Blockchain Protocol Analysis & Security Engineering 2017

12 Blockchain Protocol Analysis & Security Engineering 2017
Forks Possible Outcomes: Peaceful coexistence of old and new Old dies New dies Contentious coexistence of old and new Consequences significant for Public Blockchains. Embed and transfer actual value Serve as authoritative record of events Blockchain Protocol Analysis & Security Engineering 2017

13 Blockchain Protocol Analysis & Security Engineering 2017
Real World Examples March 2013 Hard Fork Different versions incompatible. 2 ledgers. Human Coordination to fix (requiring ALTRUISM) Bitcoin Block Size Debate Political Question  Not just technical. Paralysis because consequences so extreme. Ethereum’s July 2016 Hard Fork Ethereum & Ethereum Classic Blockchain Protocol Analysis & Security Engineering 2017

14 Blockchain Protocol Analysis & Security Engineering 2017
Lessons Learned New software releasesfractured networks. Fixing forks may need human coordination. Core devs wield a lot of power/influence. Risk of forks  Paralysis. Upper-level apps can impact underlying blockchain. Neither humans nor code are perfect. Competing Blockchains are possible outcome of fork. Which is legitimate? If embed critical records, which is “correct”? Blockchain Protocol Analysis & Security Engineering 2017

15 Chaining People Together
Magnified software risks for structures atop them. Community commits to staying together for system to have value – 1 authoritative record. Each potential hard fork like binding secession referendum. If don’t go w/ majority  you’ve seceded. Build your own! Blockchain Protocol Analysis & Security Engineering 2017

16 Blockchain Protocol Analysis & Security Engineering 2017
Reflections Undefined governance, problematic funding, and forking chance create operational risks for public blockchains. As practices are tweaked, risks change. Very different from how we operate current FMI’s. Clear governance. Comprehensive risk management. Identifying and mitigating operational risks. Broader Implications -- think about use of grassroots OSS practices in other critical systems? Blockchain Protocol Analysis & Security Engineering 2017

Download ppt "Open Source Operational Risk"

Similar presentations

Support for the coordination of activities Joint Technology Initiatives: Background and Current State of Play Presentation to the Meeting of High-Level.

Support for the coordination of activities Joint Technology Initiatives: Background and Current State of Play Presentation to the Meeting of High-Level.
IMPLEMENTING FINANCIAL AND ACCOUNTING SYSTEMS FOR GOVERNMENT CHRISTIAN T. SOTTIE THE CONTROLLER AND ACCOUNTANT-GENERAL GHANA.

IMPLEMENTING FINANCIAL AND ACCOUNTING SYSTEMS FOR GOVERNMENT CHRISTIAN T. SOTTIE THE CONTROLLER AND ACCOUNTANT-GENERAL GHANA.
FMI Principles Relevant issues for CSDs

FMI Principles Relevant issues for CSDs
IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager,

IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager,
Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.

Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
The New CPSS-IOSCO Principles for FMIs Fez,26 April, 2012 Ceu Pereira The World Bank.

The New CPSS-IOSCO Principles for FMIs Fez,26 April, 2012 Ceu Pereira The World Bank.
3rd Party Risk Categorization Process

3rd Party Risk Categorization Process
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
A project implemented by the HTSPE consortium This project is funded by the European Union GLOBAL EUROPE INSTRUMENT FOR STABILITY 2014-2020.

A project implemented by the HTSPE consortium This project is funded by the European Union GLOBAL EUROPE INSTRUMENT FOR STABILITY
IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.
Financial Stewardship For Organizations: An Overview.

Financial Stewardship For Organizations: An Overview.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
ROLE OF INFORMATION IN MANAGING EDUCATION Ensuring appropriate and relevant information is available when needed.

ROLE OF INFORMATION IN MANAGING EDUCATION Ensuring appropriate and relevant information is available when needed.
Large Value Systems: Applying International Standards World Bank Training Course, in Cooperation with AMF and BMA Bahrain, March 16, 2005 Massimo Cirasino.

Large Value Systems: Applying International Standards World Bank Training Course, in Cooperation with AMF and BMA Bahrain, March 16, 2005 Massimo Cirasino.
3-1. 3-2 03 Fundamentals I: Accounting Information Systems McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Fundamentals I: Accounting Information Systems McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Risk Management & Corporate Governance 1. What is Risk?  Risk arises from uncertainty; but all uncertainties do not carry risk.  Possibility of an unfavorable.

Risk Management & Corporate Governance 1. What is Risk?  Risk arises from uncertainty; but all uncertainties do not carry risk.  Possibility of an unfavorable.
SUPERVISION FRAMEWORK FOR CLEARING AND SETTLEMENT SYSTEMS: MAIN ELEMENTS AND SOME ISSUES TO INCLUDE IN THE OVERSIGHT OF THE SYSTEMS Global Payments Week.

SUPERVISION FRAMEWORK FOR CLEARING AND SETTLEMENT SYSTEMS: MAIN ELEMENTS AND SOME ISSUES TO INCLUDE IN THE OVERSIGHT OF THE SYSTEMS Global Payments Week.
AUSTRALIA. A National Strategy for Enhancing the Safety and Security of our Food Supply ที่มา : We pride ourselves on our high safety and security standards.

AUSTRALIA. A National Strategy for Enhancing the Safety and Security of our Food Supply ที่มา : We pride ourselves on our high safety and security standards.

Similar presentations

Ads by Google