Statement of Support of Chairman Timothy Massad, Notice of Proposed Rulemaking DMO System Safeguards Testing
December 16, 2015
I strongly support this proposed rule, which would enhance and clarify requirements to protect exchanges, swap execution facilities and swap data repositories from numerous cybersecurity risks.
This proposal, alongside a companion measure released by the Commission’s Division of Clearing and Risk, ensures that the private companies that run the core infrastructure under our jurisdiction are doing adequate evaluation of cybersecurity risks and testing of their own cybersecurity and operational risk protections.
I believe this proposed rule will help address a number of concerns, such as information security, physical security, business continuity and disaster recovery. The proposal sets principles-based testing standards which are deeply rooted in industry best practices.
The rule identifies five types of testing as critical to a sound system safeguards program: vulnerability testing, penetration testing, controls testing, security incident response plan testing and enterprise-wide assessment of technology risk. Such efforts are vital to mitigate risk and preserve the ability to detect, contain, respond to, and recover from a cyberattack or other type of operational problem.
The proposal applies the base standards to swap execution facilities. It also contains an anticipated notice of proposed rulemaking, which notes that the Commission is considering whether to apply minimum testing frequency and independent contractor testing requirements to the most systemically important swap execution facilities. I previously stated that I did not expect our proposal would apply to SEFs—not because cybersecurity isn’t just as important for them – but because many SEFs are still in the very early stages of operation.
But my fellow commissioners have expressed concerns about potential vulnerabilities and felt that we should propose that the requirements apply to SEFs at this time. I appreciate their views and am committed to working collaboratively to address these issues.
As always, we welcome public comment on this and its companion proposal, which will be carefully considered before taking any final action.
Last Updated: December 16, 2015