With our nation at the cusp of exciting and challenging technological innovations, it will take a broad representation of stakeholder perspectives to build a safe financial system that harnesses the best of emerging technology while protecting customers and financial stability. As the Commission and others make policy decisions on next generation technology, it is critical that we have a foundational understanding of the technology, and the specific implications for finance and law. For that reason, we have assembled Technology Advisory Committee members who are well-respected experts in the fields of cybersecurity, artificial intelligence, electronic trading, blockchain technology, and digital assets.
For many on the Committee, this will be your first time working with the CFTC, and our mission to promote market integrity, resilience and vibrancy, which includes instituting the safeguards that make responsible innovation possible. We can greatly benefit from your expertise in determining how to ensure our markets are resilient to increasingly sophisticated cyber attacks, to ensure that any development of digital assets protects customers and market integrity, and to consider how emerging technologies, like artificial intelligence and cloud technology, can be responsibly developed, deployed, and used.
I am exceptionally pleased to introduce TAC’s Chair Carole House from Terranet Ventures, who many of you know from her work at the White House National Security Council as the Director for Cybersecurity and Secure Digital Innovation. Among her many other accomplishments, Chair House was instrumental in authoring the Executive Order on Ensuring Responsible Development of Digital Assets. I am also very pleased to introduce Vice Chair Ari Redbord, who is well known for his service at the Department of Justice, Treasury Department, and now at the blockchain intelligence company TRM Labs. I also want to recognize and give thanks to the TAC Designated Federal Officer Tony Biagiolo, Joe Cisewski and Phil Raimondi in my office, and the CFTC staff.
Responsible Artificial Intelligence (AI)
Today we have a panel on responsible AI. Let me start with an explanation of what responsible AI means for financial markets:
In the context of financial markets, responsible AI involves using AI technologies to improve the efficiency, accuracy, and transparency of financial systems while also ensuring that these technologies are designed and deployed in a way that aligns with the interests of all stakeholders, including investors, customers, and regulators. One key aspect of responsible AI in financial markets is ensuring that AI algorithms are transparent and explainable. This means that the logic and decision-making processes behind AI-driven investment strategies and risk strategies must be easily understandable and auditable by humans. It also means that the data used to train these algorithms must be diverse, unbiased, and representative of the populations they serve.
Another important aspect of responsible AI in financial markets is ensuring that AI technologies are used in a way that minimizes the potential for harm to individuals and communities. This includes guarding against fraud and market manipulation, protecting personal and financial data privacy, and ensuring that AI algorithms do not reinforce or exacerbate existing inequalities and biases in the financial system. Overall, responsible AI in financial markets involves balancing the potential benefits of AI technologies with the need for ethical and transparent decision-making, regulatory compliance, and social responsibility.
Now, I have a confession: That explanation was written word-for-word by ChatGPT, and it seems pretty spot on.
AI is being increasingly employed by exchanges, financial institutions, and throughout our financial system. Today, we are pleased to hear from experts in responsible development, deployment and use of AI. We will hear presentations from Alan Mislove, the Assistant Director for Data and Democracy of the White House Office of Science and Technology Policy, who will present on the Blueprint for an AI Bill of Rights, and from TAC member, IBM fellow, and IBM AI Ethics Global Leader Francesca Rossi.[1] We will also hear about AI-enabled cyber attacks from TAC member Tim Gallagher, Managing Director in the Cyber Risk practice at Kroll, who has a 20-year distinguished career with the Federal Bureau of Investigation that included serving as the Special Agent in Charge (SAC) of the Criminal and Cyber Division in the Washington, D.C. field office and as SAC in Newark, New Jersey.
Decentralized Finance (DeFi)
We look forward to TAC’s deep dive on the rapidly growing decentralized finance (“DeFi”) ecosystem. As regulators and Congress make policy decisions related to DeFi, it is important to have a common foundation in understanding how DeFi works, how decentralized exchanges, DEXs, or other DeFi protocols, differ from centralized exchanges, for example, what indicators of decentralization may be, and how to assess the implications for finance and law.
While DeFi may hold the promise of avoiding some of the vulnerabilities of centralized exchanges, and may hold the possibility for making our financial system more accessible and inclusive, DeFi presents unique challenges, which we will hear about today. One is the foundational issue of accountability. Some say that accountability rests in code, protocols, and smart contracts, or in evolving governance structures. However, organizations may also have varying degrees and areas of centralization that can lead to accountability.
I also hope that industry and regulators alike can agree on the need to prevent illicit finance from money laundering, terrorist financing, and sanctions evasion. This is where the issues of digital identity in the DeFi ecosystem, and beyond, come into play. And there are concerns about cyber vulnerabilities.
Today we are pleased to hear about the DeFi landscape, indicators and issues related to decentralization, digital identity, privacy and unhosted wallets, and exploits and continuing vulnerabilities in crypto markets. We will hear presentations from TAC members, including Chair House, Vice Chair Redbord, Nikos Andrikogiannopoulos, the founder and CEO of Metrika, Jill Gunter, Chief Strategy Officer of Espresso Systems, Michael Shaulov, the founder and CEO of Fireblocks, and Dan Guido, the founder and CEO of Trail of Bits. These voices are expert and experienced; builders and founders focused on blockchain analytics, digital asset and smart contract security, and the frontier of digital identity and privacy.
Cyber Resilience
We also look forward to the panel focusing on promoting cyber resilience to protect our national security, economic prosperity, privacy, and even our way of life. In an increasingly complex threat landscape, including from hostile state actors tied to Russia, China, Iran and North Korea, promoting cyber resilience is critical. The White House, in its National Cybersecurity Strategy (“Strategy”), defined resilience as a state “where cyber incidents and errors have little widespread or lasting impact.”[2] The Strategy states, “A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences.”[3]
Cyber resilience requires planning and preparedness so that organizations are cybersecure by design.
Cyber resilience requires governance and attention from not only the Chief Information Security Officer’s (CISO) office but also the rest of the C-Suite.
Cyber resilience requires reducing vulnerabilities internally (such as zero day or n-day vulnerabilities)[4] and externally with supply chain and other third-party vendors.
Cyber Resilience by Design: Today we will hear from Kevin Stine, Chief of the Applied Cybersecurity Division of the National Institute of Standards and Technology (“NIST”), about NIST’s Cybersecurity Framework, which has been widely used by companies to design their cybersecurity. Executive Order 14028, Improving the Nation’s Cybersecurity (“EO”), directs NIST to issue guidance “identifying practices that enhance the security of the software supply chain.”[5] I look forward to hearing about those efforts, given our highly integrated and interdependent financial system and plethora of service providers, many with their own service providers, a system that can quickly spread cyber attacks across the financial sector.[6] I also note that the EO envisions the Federal Government leading by example through a “Zero Trust Architecture” for federal networks.[7] Some of our registered entities have moved to a zero trust framework, moving away from a perimeter defense framework.
Cyber Incident Response: TAC member Todd Conklin, who serves as the Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection at the Department of Treasury, will present on cyber incident response. DAS Conklin will discuss lessons learned from the recent ransomware attack on ION Markets, which impacted derivatives markets.
Cloud Technology: With greater use of cloud-based technology within companies and their third-party service providers, we are pleased to hear Deputy Assistant Secretary Conklin’s presentation today about the financial sector’s use of cloud services.[8] In February, Treasury released a report on the potential benefits and challenges associated with the increasing trend of financial sector firms adopting cloud services technology.[9] Treasury’s report cites to a 2021 ABA survey that found that more than 90 percent of surveyed banks maintained some data, applications or operations in the cloud.[10] Treasury’s report also found that “large investment advisors, investment companies, and broker-dealers are adopting cloud computing services,” and that technology service providers that provide core banking and trading software services to financial institutions also are turning to cloud services.[11] In the derivatives markets, some critical infrastructure, like our largest exchanges and clearinghouses, are considering migrations to the cloud.
I am pleased that these federal agencies are here to present because coordination among federal regulators and harmonization of federal requirements is crucial to cyber resilience. We are more resilient when we work together both within the government, and with the private sector. The goal of the White House in recently announcing its National Cybersecurity Strategy is a “defensible, resilient digital ecosystem where it is costlier to attack systems than defend them, where sensitive or private information is secure and protected, and where neither incidents nor errors cascade into catastrophic, systemic consequences.” If we can achieve those goals, we will be shifting our nation to cyber offense, while keeping our cyber defense strong.
I am honored to sponsor this tremendous group on the Technology Advisory Committee, and I thank you for your public service.