Improving Security Standards in Financial Services with ASC X9

Through participation in the ASC X9 work group, researchers from Edinburgh are contributing to the design of new metrics and measurement approaches for the Cybersecurity Variance Index. The focus is on developing practical, evidence‑based tools that support risk assessment and comparison across a range of financial services use cases, including payment systems and digital asset infrastructure.

Rather than relying on individual indicators, the approach examines how systems behave under stress and how trust, control and risk are distributed across technical components. These measurements support a clearer understanding of systemic weaknesses and resilience for regulators, financial institutions and technology providers.

The collaboration with ASC X9 draws on the foundations established by the Edinburgh Decentralisation Index. EDI was created in response to the lack of robust and transparent methods for assessing decentralisation in blockchain networks.

Instead of surface‑level indicators, EDI studies decentralisation from first principles. Its framework archives relevant datasets, defines rigorous metrics, and analyses blockchain systems across eight distinct layers, ranging from consensus mechanisms and network structure to software development practices and token economics.

To support both academic and industry use, the results are published through the EDI Dashboard. This open tool enables users to track decentralisation trends over time and compare different blockchain systems, providing insight into how design choices affect resilience, security and long‑term sustainability.

The methodology developed through EDI is also being explored beyond blockchain contexts. In practice, measuring decentralisation can be used to assess resilience, understood as the ability of digital systems to withstand attacks, failures or excessive concentration of control.

To examine this broader application, researchers associated with BTL have launched Cairnlytics, an experimental initiative that applies EDI‑inspired metrics to general cybersecurity challenges. The current phase focuses on a single EDI layer—the software layer—to assess resilience in software supply chains, an area of increasing concern for governments and industry.

By analysing this layer in isolation, the project tests whether decentralisation‑based metrics can help identify vulnerabilities in wider digital ecosystems. If successful, the approach may be extended to additional layers of the EDI framework and applied to other cybersecurity domains.

This experimental work has gained external recognition, reaching Phase 2 of the CyberASAP accelerator and the Venture Builder Incubator (VBI 6.0).

The Blockchain Technology Laboratory (BTL) was established in 2016 at the University of Edinburgh through the initiative of the R&D technology company IOG (formerly IOHK). The laboratory conducts interdisciplinary research into distributed ledger technologies, with a focus on security, resilience, scalability, performance and incentive design.

Professor Aggelos Kiayias, Chair in Cyber Security and Privacy at the School of Informatics, is Director of the Blockchain Technology Laboratory and also serves as Chief Scientist at IOG. The laboratory works closely with academic and industry partners worldwide and forms part of a broader international network of blockchain research centres.