FIX Releases Cybersecurity Guidelines
The guidelines recommend authentication methods for using the TLS protocol with FIX.
FIX—a standard messaging language for most asset classes—set up a subgroup of the Cybersecurity Working Group to develop technical standards for using the Transport Layer Security (TLS) protocol. Discussions started in 2015 with the final guidelines opening up for public comment in July 2017. The group said FIXS is part of a larger project to address cybersecurity concerns expressed by the community.
Charles Kilkenny, chief executive officer of Actuare and chairman of the FIXS subgroup that worked on the guidelines, says the guidelines are a starting point for firms to add more security.
“FIXS is one of many controls which firms may want to consider when mitigating risk. It resulted in an opportunity within the FIX Cybersecurity Working Group to help make the use of TLS more straightforward for firms,” Kilkenny says. “The work of the FIX Cybersecurity Working Group is much broader though, covering everything from regulatory input to what are the common risks for firms to best of breed controls and learning from accepted information security frameworks. As a result, the collaboration and output of the group is much wider.”
The guidelines lay out how companies can use the TLS protocol, used to secure messages between servers, with FIX and maintain at least a minimum level of security.
“The standard first concentrates on possible methods to authenticate the parties connecting to one another,” according to the guidelines. “It then goes into the different aspects of each authentication method as well as the different protocol options and what is recommended.”
The guidelines recommend different authentication methods, protocol options, and cipher suites but do not prevent firms from using additional security policies.
Michael Cooper, chief technology officer for Radianz at BT Global Banking and Financial Markets and chairman of the working group, says cybersecurity posed a significant challenge for companies, so it was important that the group allowed for options in addressing it.
“There are several inherent challenges in addressing cybersecurity – not least being the increasingly broad attack surface we expose in an increasingly electronic and digital world, so where to focus, in what order and to what degree? Part of this is risk analysis – understanding not only what and where the risk is, but enabling sensitivity for an individual or organisation’s own assessment and appetite, understanding trade-offs and providing optionality – we are a community and there will be differences,” Cooper says. “That aspect is also one of the key advantages we have, as a community we have access to and communicate with a diverse group with a wide range of experience, skills and perspectives. But perhaps the biggest challenge is the constancy and pervasiveness of the threat, we have designed our response to evolve as the threat evolves – this isn’t a threat that is binary and we will need to maintain currency as a consequence.”
The working group noted the guidelines can be updated based on industry feedback. FIX was unable to provide additional comment in time for publication.