August 25th, 2023
On August 11, 2023, Web3 security firm Halborn inaugurated its ACCESS summit on digital assets within the iconic walls of the New York Stock Exchange. The summit aimed to thoroughly explore the digital asset ecosystem and the strategic utilization of blockchain technology to enhance security and scalability. The all-day summit featured keynotes, panel discussions, and interactive networking sessions, all centered around blockchain's potential to enhance security, optimize efficiency, and bolster overall competitive capabilities of financial institutions.
Rob Behnke, CEO and Co-Founder of Halborn, set the tone with his keynote, sharing valuable insights on digital asset security frameworks, regulations, and infrastructure. The keynote highlighted the financial industry’s evolution towards embracing blockchain and digital assets.
Behnke was then joined on stage by David Schwed, COO of Halborn, for a fireside chat introducing Digital Ledger Technology (DLT) security. They highlighted its limitations in light of dynamic technological advancements like blockchain, as well as the growing adoption of digital assets by prominent regulated financial institutions. Schwed highlighted the striking lack of robust controls and cybersecurity protocols within the rapidly growing realm of blockchain and digital asset enterprises. He emphasized the notable absence of conventional Security Operations Centers (SOCs), which have traditionally served as bastions for identifying and mitigating threats in established cybersecurity frameworks.
Continuing the momentum, the Access summit MC, Cristina Dolan, LATAM Director, Head of Americas Channel, and Global Head of Alliances at RSA, steered the proceedings towards the first panel discussion on Institutional Security Challenges for DLT.
The panel was moderated by Nate Nelson (reporter at Dark Reading and writer/editor at
Malicious Life), and featured the following speakers: Katelyn Perna (Head of Security and Director, Digital Assets and Information Security at BNY Mellon), Carlos Vivas Augier (Director and Senior Principal Engineer in IT at DTCC), and Tracy Li (Co-Founder & Partner of Istari Ventures).
Nelson guided the panel discussion into the cybersecurity CIA triad —Confidentiality, Integrity, and Accessibility— within institutional contexts. The discussion navigated the challenges brought forth by groundbreaking technologies, such as crypto asset security and blockchain development. Tracy Li underlined the importance of establishing an optimal number of trusted parties and fail-safe mechanisms for custody processes. Katelyn Perna and Tracy Li echoed the shared sentiment that cybersecurity presents formidable complexities. Perna also delved into the significance of prioritizing security-by-design, advocating for a transition from rapid development to a more secure approach.
Carlos Vivas Augier's contributions left a lasting impact on the conversation. His thought-provoking queries—"Do individuals genuinely grasp decentralized environments? Are all cyber risks comprehended?"—shed light on the complex nature of decentralized systems and the persistent threat of social engineering. He further emphasized the necessity to harmonize standards and governance across both centralized and decentralized landscapes, addressing the regulatory nuances posed by these evolving technologies. His insightful statement that "The advantage of utilizing blockchain lies in its provision of a singular source of truth" underscored a pivotal strength of blockchain technology.
By the end of the panel, a clear realization had emerged: the cybersecurity challenges inherent to the evolving DLT landscape necessitate profound understanding, innovative talent cultivation, and the strategic alignment of standards to safeguard the security of these transformative technologies.
The stage was then set for the next panel discussion on Bridging the Gap between Digital Assets and the Corporate World: Security and Privacy Considerations. The panel was moderated by Jacquelyn Melinek, senior crypto reporter at TechCrunch and featured the following speakers: Shaul Kfir, Co-founder & COO at Digital Asset; David Schwed, COO of Halborn; Dan Simerman, Creator of Touchpoint; and Scott Stornetta, Partner and Chief Scientist at Yugen Partners.
Melinek elevated the conversation on digital assets with thought-provoking queries that explored aspects like network censorship and safeguards against mishaps. Stornetta and Kfir made connections to Satoshi's Bitcoin Whitepaper, highlighting its focus on avoiding censorship and embracing the interconnected nature of progressing technology.
Simerman emphasized the innate value of blockchain networks as digital social spaces, akin to traditional social platforms. Schwed provided a discerning perspective on gauging risk, contemplating profit generation against possible hazards and the allure of fear-of-missing-out (FOMO). And Kfir's reminder of technology's inherent susceptibility to glitches underscored the imperative of strong recovery protocols to augment overall system resilience.
Furthermore, Stornetta succinctly outlined his three tenets for Bitcoin security: "First, retain your key. Second, hold your key close. Third, uphold rules 1 and 2." In summary, the panel deconstructed security and privacy contemplations within the context of digital assets and their integration into the corporate landscape.
Subsequently, Steven Walbroehl, Co-Founder and CTO at Halborn, delivered an insightful keynote on The Blockchain OSI Model and BVSS Calculator: Quantifying Web3 Risk. Walbroehl's compelling address introduced a novel framework aligned with the layered architecture of blockchain and other sophisticated technology-enabled systems. A pivotal insight was the notable congruence between the BSI layers and the OSI layers, particularly in the realms of Data and Physical layers. Remarkably, BSI's DAPP, Smart Contracts, Transactions, Consensus, and Peer to Peer layers correspond harmoniously to OSI's Application, Presentation, Session, Transport, and Network layers, respectively.
Walbroehl also highlighted the distinct risks embedded within each of these layers, tailored to the vulnerabilities intrinsic to blockchain technologies. Walbroehl emphasized the imperative for a fresh risk framework — showcasing how conventional risks, like Man-in-the-Middle attacks, may not carry the same significance within blockchain networks.
As a testament to Halborn's pioneering efforts, Walbroehl delineated the evolution of the risk framework and the tools they introduced, presenting a proactive strategy anchored in Halborn’s extensive frontline expertise. A new tool arising from this endeavor, the BVSS calculator, equips Halborn clients to quantify and mitigate the attack vectors intricately woven into blockchain networks — a domain inherently more complex than conventional networks.
Following the address was another insightful panel on Custody Best Practice and Options: Buy or Build moderated by Michael Perklin, Chairman at C4. Speakers included David Schwed (COO of Halborn), Sujay Jaladi (Vice President Security at FalconX), Sarah Downey (Managing Director, LFS Blockchain Advisory Leader and Financial Services Claims Leader at Lockton Companies), and Dave Wise (Head of Blockchain Infrastructure at Galaxy).
Perklin drew attention once again to the vital cybersecurity triad of Confidentiality, Integrity, and Accessibility (CIA) - a fundamental trinity in the domain of digital security. Sarah Downey's inclusion on the panel brought a unique dimension, as she offered insights into the realm of cyber insurance within the context of digital assets and blockchain. Her exploration of the evolution of cyber insurance products over the past six months highlighted the rapid evolution within this sector. The central role of the BVSS calculator and its framework in assessing and mitigating risks within this landscape was also underscored.
Responding to Perklin's query about the delineation of 'mistakes' that lead to security vulnerabilities and losses, Downey emphasized that smart contract specifications play a decisive role, with non-intentional errors falling under the scope of insurance coverage. Schwed, COO at Halborn, tackled emerging attack vectors and discussed his concerns about Apple's upcoming feature enabling iOS to replicate voices, potentially facilitating the creation of convincing deep fakes. He further delved into the vulnerabilities of out-of-band verifications, sounding a cautionary note about their susceptibility to manipulation through deep fake technologies.
And finally, Jaladi accentuated the importance of attracting adept individuals capable of maintaining the systems in place, shedding light on the indispensable role of human expertise in ensuring the integrity and security of digital asset systems.
The observations from the panel ultimately shed light on the custody best practices, the strategic equilibrium between constructing and acquiring, and the interplay among the capabilities of digital assets and the diverse security factors they encompass.
Following the lunch break, MC Cristina Dolan introduced the next panel: Digital Asset Evolution: Risk, Resilience, and Operational Challenges in the Financial Landscape moderated by Leo Schwartz, crypto reporter at Fortune. The panel featured Angela Dalton (CEO & Founder of Signum Growth), Rikhil Bajaj (Head of Fintech & Software at Tarsadia Investments), and Hod Hirshman (CEO & Co-Founder of Merklebase).
Schwartz’ first question was around trends and future initiatives from TradFi going into Web3 to which Bajaj was the first to answer. He brought forward the dimensional context of TradFi stating his firm’s belief that “Sub 1% of TradFi activity has migrated to Web3”. Bajaj went on to affirm that the only way the Web3 industry will actually grow is with an important volume of global digital assets from the TradFi space being brought in.
Angela Dalton then echoed Tracy Li’s remarks on TradFi needing crypto natives to figure out how to move forward. Dalton also highlighted the difficulties of investing in crypto projects with the current tough conditions, adding to the importance of the TradFi / Web3 collaborative approach since she considers that “a lot of the capital will come from Traditional Finance”.
A follow up question from Schwartz led the panelists to discuss how the participation of TradFi would shape the more non-traditional nature of crypto projects. Hod Hirshman was the first to answer, highlighting a need for traditional financial institutions’ sentiment to change in order to align their operational capabilities to crypto.
The panel then addressed a variety of urgent subjects, from navigating the evolving landscape of cryptocurrency regulations and strengthening security protocols against emerging risks, to dissecting the persistent market volatility of digital assets. The panelists’ exchanges further encompassed the growing institutional interest in digital assets, the transformative potential of blockchain and decentralized finance (DeFi) technologies, and the pivotal considerations regarding the ecological impact of these holdings.
Other notable points included the role of stablecoins in dampening volatility, the intricacies of international transactions, and the significance of educating users in this burgeoning financial paradigm. The panel ultimately summarized the interaction between digital assets and established financial frameworks, along with the imminent challenges and prospects inherent in this dynamic transformation.
Steve Walbroehl, CTO at Halborn, then delivered yet another enlightening keynote on Smart Contract Security Solutions for Financial Services. In this keynote, Walbroehl discussed the complex hurdles and inventive approaches to strengthening the durability of smart contracts within the financial sector. He explored subjects including distinct vulnerabilities associated with smart contracts, potential routes for attacks, and the pivotal significance of strong security frameworks in upholding the security of financial activities.
Access MC Cristina Dolan then set the stage for the next insightful discussion, introducing the highly anticipated panel centered on Permissioned Blockchains and Tokenization. The panel, moderated by Anita Ramaswamy (Columnist at Reuters Breakingviews), included the following speakers: John D’Agostino (Strategic Partnerships at Coinbase), Prakash Neelakantan (Vice President - Blockchain Strategy at Broadridge), Yorke E. Rhodes III (Co-Founder of Blockchain at Microsoft) and Puneet Singhvi (Head of Digital Assets, Institutional Clients Group at Citi).
After an initial round of introductions by panelists, Ramaswamy asked about particular use cases where efficiency is a central benefit of using permissioned blockchains. Yorke E. Rhodes answered the question by using an example from gaming: he emphasized the user’s desire to control their “destiny” in terms of the items (in the form of NFTs for example) they spend time collecting within games. Citi’s Puneet Singhvi then geared towards a more financial-focused example: the bond market and the access democratizing by fractionalization.
While John D’Agostino echoed on fractionalization, Prakash Neelakantan added liquidity as a strong characteristic for tokenized assets. Going further, Neelakantan also highlighted automation to create a better service experience through auto fulfilling automatic value distribution.
The panelists then explored a range of industries reaping the benefits of permissioned blockchains, spanning from enhancing supply chain transparency to securing financial transactions and advancing healthcare data management. Tokenization emerged again as a revolutionary catalyst, democratizing access to assets such as real estate and stocks through digital representation.
Amid these strides, the panelists delved into the challenges of tokenization, encompassing regulatory complexities and the equilibrium between centralization and decentralization. Interoperability, privacy, and security were emphasized as important considerations as well. As they collectively envisioned the future of tokenization, heightened collaboration, establishment of industry standards, and a continuous pursuit of education were underscored as a few of the main forces shaping the transformative journey ahead.
Dolan then introduced the CISO roundtable, which included Steve Walbroehl (CTO at Halborn), Norah Beers (CISO at Grayscale), Sujay Jaladi (Vice President Security at FalconX), and Dave Ackerman (Head of Compliance at MobileCoin).
The roundtable thoroughly explored the convergences of blockchain technology, networking, security, and the broader technological context, and projected the forthcoming trends in blockchain technology and its potential ramifications across industries.
Norah Beers underscored the existing voids in threat detection and response tools within Security Operation Centers for emerging technologies like blockchain and digital assets, when compared to the established tools utilized in conventional enterprises. She highlighted the imperative task of bridging this disparity to ensure robust cybersecurity measures in this evolving arena.
Evident from the panel was the challenge of sourcing the appropriate talent for such specialized security roles, coupled with innovative methodologies shared for training hybrid teams capable of addressing the distinct security requisites of these transformative technologies. The final panel shed light on the urgent necessity for heightened cybersecurity practices as the industry shifts toward the realms of blockchain and other nascent technological frontiers.
Rob Behnke closed the summit by giving some final remarks about blockchain security issues and Halborn’s elite blockchain security solutions.
The inaugural Halborn Access summit provided a comprehensive exploration of various key themes in the realm of blockchain and digital assets. Speakers discussed the evolution of the financial industry towards blockchain adoption, emphasizing security frameworks, regulations, and infrastructure. The challenges and limitations of cybersecurity in this context were highlighted, particularly in SOCs for emerging technologies. Institutional security challenges, including crypto asset security and blockchain development, were explored and topics like bridging digital assets with the corporate world, custody best practices, smart contract security, permissioned blockchains, and tokenization were central to the discussions.
Above all, the summit drove home the need for enhanced cybersecurity measures in the face of evolving technologies like blockchain and tokenization.
For more information on Halborn’s services for financial institutions looking to adopt blockchain technology and digital assets, get in touch with us to schedule a call.