Leaving room for interpretation in guidelines and allowing the crypto sector to self-regulate, grow, and change might be the best choice for crypto cybersecurity regulation, according to David Schwed, former head of digital assets technology at BNY Mellon and current Chief Operating Officer for blockchain cybersecurity firm Halborn. Schwed cites the Gramm–Leach–Bliley Act (GLBA) as an example, which uses broad language around certain aspects such as “maintaining appropriate safeguards.” He argues that this allows financial companies to continually raise the bar on what the industry sees as acceptable, rather than strictly adhering to rigid laws.
When it comes to the crypto industry, Schwed believes that similar legislation should be written with “vague and ambiguous” language. This would provide banking regulators with the ability to set standards through banking examination instead of explicit regulation. His reasoning behind this stance is that technology is constantly developing, making it impossible for laws to change quickly enough to catch up.
Furthermore, Schwed points out that cybersecurity regulations don’t typically dictate specific technologies or tactics. Instead, they are meant to be broad enough to accommodate change, as what is considered good today may not be good tomorrow. However, there are certain traditional financial risk management regulations, such as the capital reserve requirements for custodians in the Dodd-Frank Wall Street Reform and Consumer Protection Act, that could be applied to the crypto industry.
On the topic of mainstream adoption, Schwed argues that blockchain cybersecurity is crucial. Hacks in the crypto space can scare regulators and deter institutions from getting involved. To address this issue, Schwed suggests that there is a need for better crypto knowledge among regulators, traditional technologists, and security professionals.
Despite the tightening of regulations around the crypto space by the US government, Schwed believes that they are taking their time to figure things out, as they want to enact regulation without making mistakes.
In conclusion, the idea of allowing the crypto sector to self-regulate and grow within guidelines offers an effective approach to cybersecurity regulation. Flexible legislation with room for interpretation can accommodate the rapid changes in technology, while still providing a framework for industry standards. This promotes innovation and encourages mainstream adoption while maintaining an adequate level of security and risk management.
Source: Cryptonews