The FIX Trading Community has released the FIX-over-TLS (FIXS) standard and guidelines to help users of the FIX protocol meet security requirements. FIXS is part of a larger programme of work that the FIX Trading Community initiated in response to the cybersecurity challenge.
The issue for members of the community is how to understand the cybersecurity landscape, and how to respond to the general deterioration and an increased specificity of threats, in a way that anticipates or leads legislative and regulatory responses.
FIXS is a technical standard that specifies how to use the Transport Layer Security (TLS) protocol with FIX. It is designed to make it easier for FIX participants to employ TLS, in the hope that a level of standardisation will help improve security across the industry. Guidelines are provided for different aspects of TLS as well as for the Stunnel open source program, making the standard widely accessible.
Michael Cooper, chief technology officer at Radianz, BT Global Banking and Financial Markets, and chair of the FIX cybersecurity working group, says: “The FIX cybersecurity working group was formed a number of years ago to facilitate industry collaboration against the background of a deteriorating cybersecurity landscape. As part of this effort, the FIXS sub-group was established. It has researched and is now publishing guidelines for extending the security of FIX communications and augmenting the security of trading operations.”
Charles Kilkenny, CEO at Actuare, and chair of the FIXS sub-group, adds: “FIXS is a starting point for firms wanting to secure FIX with TLS. I would ask firms and especially vendors to look at adopting FIXS and provide us with their feedback. We need this dialogue to continually improve what we have and to stay one step ahead.”