Advisory on the Secure Development and Provisioning of Distributed Ledger Technology (DLT)–Enabled Services

The advisory on the secure development and provisioning of Distributed Ledger Technology (DLT)-enabled services provides best practices on how organisations and service providers can address DLT security risks by applying security-by-design and mitigating measures to raise the cyber resilience of such services. A threat-based approach is taken to determine key areas of concern, with a focus on upholding security of DLT at the systems level and mitigating known attacks on smart contracts and digital wallets. An overview of the scope of recommended best practices is as follows: 

1. Governance and risk management: Prioritise cybersecurity controls to defend against known and emerging threats through a systematic risk-based process;
2. Security-by-design: Incorporate cybersecurity considerations upfront during the designing or provisioning of DLT-enabled services; 
3. Situational awareness: Enhance vigilance through threat intelligence by identifying, detecting, and responding to anomalous activities at the earliest opportunity;
4. Secure hosted and self-custody wallets: Ensure the security of digital wallets to prevent digital payment tokens from being stolen through cybersecurity and physical security controls; and
5. System resilience: Enhance resilience to recover from and minimise the impact of cyber incidents through cybersecurity controls.

The advisory was developed by contextualising cybersecurity requirements from international standards and industry best practices and in consultation with the Monetary Authority of Singapore (MAS), The Association of Banks in Singapore (ABS) and digital payment token service providers. Given the nature of DLT as an emerging technology, the advisory will be reviewed and revised periodically.

To find out more, download the Advisory on the Secure Development and Provisioning of Distributed Ledger Technology (DLT)-enabled Services