Everyone involved in the finance sector rely on a resilient digital ecosystem, with the Digital Operational Resilience Act (DORA) coming into effect in the US shortly, has brought a renewed urgency to the conversation. Organizations must be able to respond and recover from all types of ICT related disruptions and threats.
One important lesson is accurate timing systems are vital, not optional, in cybersecurity. Of course, DORA’s scope extends beyond time, but its requirements clearly involve it. Because of incident reporting and risk management obligations, financial institutions will have to maintain high standards of time synchronisation, timing data and process documentation, and resilient timing that’s resistant to cyber-attacks.
In a distributed computing environment, it is impossible to determine what caused what unless all devices’ clocks agree and the billions of daily transactions are time stamped accurately. To achieve this your time source must be:
- Traceable to a credible source of UTC, the world’s consensus time that is recognized by governments such as NIST (US time standard), so that timestamps can be compared across public service organizations and other records.
- Provable with logs of timekeeping accuracy retained for at least 5 years in order to prove that time was correct in the past.
- Accurate so that intervals between timestamps can be confidently calculated, even up to within one millisecond (thousandth of a second). NENA (National emergency number association) guidelines suggests a 1-milisecond synchronization NENA
- Secure: Reliable logging of the accuracy of all time sources, along with ancillary data that helps prove the time was correct. Provide alerts and warnings when time sources misbehave allowing for rapid response.
- Interoperability: Industry standard protocols seamlessly integrate to customer systems safeguarding legacy investment
- Evidencing: Provides traceability and verification, even years later
Precise and resilient time can be distributed from a global network satellite system (GNSS) using a master clock like the SecureSync2400 or a terrestrial source using a Traceable Time as a Service from Hoptroff.
