Crypto Currency Security from the Frontlines: Hedge Funds, Nation State Threats & Technical Security Approaches
Adam Healy, CISO
State of Crypto Asset Security
2016 Market Capitalization
NASDAQ (1): ~$7.8 trillion
London Stock Exchange (1): ~$3.5 trillion
Crypto (2): ~$11.8 billion
Who cares? It’s just crypto.
Sources: 1) caproasia.com 2) coinmarketcap.com
2018 Market Capitalization and 2 Year Growth
NASDAQ (1): ~$10 trillion (2 year growth: 19%)
LSE (1): ~$4.15 trillion (2 year growth: 28%)
Crypto (2): ~$221 billion (2 year growth: 1772%)
Who cares? It’s just crypto.
Sources: 1) caproasia.com 2) coinmarketcap.com
Root Cause Estimate Source: https://magoo.github.io/Blockchain-Graveyard/
Current Threats
• Malware
• Social Engineering
• Spear Phishing
• Compromised Code Repos
• Physical Threats
• Insider Threat
• Covert Surveillance
• Radio Frequency Attacks
• Other Sophisticated Attacks
Common Storage Approaches
Self Custody
• Geographically Distributed or Centralized
• Cold or Hot
3rd Party Key Management
• Multi-signature or Single
• Coin Support (maybe)
• Cold or Hot
3rd Party Custody
• Trust
• Coin Support (maybe)
• Cold or Hot
• Multi-signature or Single
Enterprise Best Practices
1. Air-gapped (“cold”) storage
2. Certified and whitelisted software
3. Insider threat controls
4. All private key operations conducted in Faraday enclosures
5. No commingling of client assets
6. Internal and 3rd party code review
7. Redundant operations facilities with 24x7 security
8. Internal, external & physical penetration tests
9. Private keys never exposed
10. Audited key generation process
11. Audited backup and recovery process
12. Emergency key rotation plan
Standards Alignment
Industry-wide standardization remains immature. One of the most commonly referenced standards, CCSS, was last updated in 2016 and is largely Bitcoin-centric.
• ISO
• ICD
• NIST
• CCSS
• SOC 2
• WebTrust
Emerging Trends
• Multi-party Computation
• Secure Enclaves
• Hardware Security Module
• Regulatory Direction
• Software Guard Extensions
• Managed Due Diligence & Vendor Management
Q&A
For more information contact us at: info@digitalassetcustody.com
Thank You