The European Association of CCP Clearing Houses (EACH) published a Paper on CCP Core Cyber Incident Handling Principles. In the spirit of promoting robust markets for users to hedge and invest in a stable environment, EACH Members have put together a set of Core Central Counterparty (CCP) Principles for Cyber Security.
These principles give clearing members, settlement institutions, vendors, regulators and other interested parties a view of how EACH Members apply the principles of Response, Recovery and Reconnection in case of cyber incidents:
1. Response: Preparing for and coping with the immediate impact of a breach
2. Recovery: Subsequently rebuilding and restoring ICT systems
3. Reconnection: Reconnecting to market infrastructures, service providers and other organisations
These principles are known as the ‘3Rs principles’ and are complementary to the CCP’s own risk management processes and cybersecurity programs. Any lessons learnt from previous cyber-attacks or experiences shared by other affected or victim CCPs are to be used by EACH Members to update their Response, Recovery and Reconnection strategies.
EACH Members also emphasise the importance of performing regular testing exercises to improve their ability to uncover gaps, thereby ensuring optimal preparedness for upcoming threats.