
Crypto Currency Security from the Frontlines Hedge Funds, Nation - PowerPoint PPT Presentation



  1. Crypto Currency Security from the Frontlines: Hedge Funds, Nation State Threats & Technical Security Approaches. Adam Healy, CISO

  2. State of Crypto Asset Security

  3. 2016 Market Capitalization: NASDAQ [1] ~$7.8 trillion; London Stock Exchange [1] ~$3.5 trillion; Crypto [2] ~$11.8 billion. "Who cares? It’s just crypto." Sources: 1) caproasia.com 2) coinmarketcap.com

  4. 2018 Market Capitalization and 2 Year Growth: NASDAQ [1] ~$10 trillion (19% growth); LSE [1] ~$4.15 trillion (28% growth); Crypto [2] ~$221 billion (1772% growth). "Who cares? It’s just crypto." Sources: 1) caproasia.com 2) coinmarketcap.com

  5. Root Cause Estimate Source: https://magoo.github.io/Blockchain-Graveyard/

  6. Current Threats: Malware; Social Engineering; Spear Phishing; Compromised Code Repos; Physical Threats; Insider Threat; Covert Surveillance; Radio Frequency Attacks; Other Sophisticated Attacks

  7. Common Storage Approaches: Self Custody • Geographically Distributed or Centralized • Cold or Hot; 3rd Party Key Management • Multi-signature or Single • Coin Support (maybe) • Cold or Hot; 3rd Party Custody • Trust • Coin Support (maybe) • Cold or Hot • Multi-signature or Single

  8. Enterprise Best Practices
     1) Air-gapped (“cold”) storage
     2) Certified and whitelisted software
     3) Insider threat controls
     4) All private key operations conducted in Faraday enclosures
     5) No commingling of client assets
     6) Internal and 3rd party code review
     7) Redundant operations facilities with 24x7 security
     8) Internal, external & physical penetration tests
     9) Private keys never exposed
     10) Audited key generation process
     11) Audited backup and recovery process
     12) Emergency key rotation plan

  9. Standards Alignment: Industry-wide standardization remains immature. One of the most commonly referenced standards, CCSS, was last updated in 2016 and is largely Bitcoin-centric. Standards shown: ISO, ICD, NIST, CCSS, SOC 2, WebTrust

  10. Emerging Trends: Multi-party Computation; Secure Enclaves; Hardware Security Module; Regulatory Direction; Software Guard Extensions; Managed Due Diligence & Vendor Management

  11. Q&A

  12. Thank You. For more information contact us at: info@digitalassetcustody.com
