BIS highlights cybersecurity risks, proffers framework for ‘secure’ CBDC systems

BIS says a security breach in a CBDC system could erode public confidence and trust in the digital currency infrastructure and the central bank involved while leading to a ripple effect of damage.


The Bank for International Settlements (BIS) recently published two papers as part of its Project Polaris program, which aims to design secure and resilient central bank digital currency (CBDC) systems.  

The details  

  • The BIS papers offer central banks insights into threat assessments and help them safeguard against risks related to CBDC implementation.
  • In the first paper, released last Friday, the BIS shared the results of its analysis of attacks on distributed ledger technology (DLT) in the DeFi domain, revealing gaps in existing threat modelling techniques that could leave CBDCs that use novel technology like smart contracts vulnerable.
  • The bank’s research also highlights a wide range of potential threat agents and a variety of common and emerging threats in the cyber threat landscape of CBDCs.  
  • These include organized crime groups, hackers, professional criminals, compromised third-party tech providers, nation-state-sponsored groups, malicious end users, natural or human-caused disasters, and other factors.
  • The second paper introduces a CBDC cybersecurity framework that will enable central banks to recognize the complexity and new threat landscape created by the existence of CBDC systems.
  • The framework provides central banks with a seven-step model for secure and resilient CBDC systems that are intended to be updated periodically as CBDC technology and systems change.   

Telling quote 

The bank wrote: 

“As far as is known, there have not been any successful cyber attacks against operational CBDC systems. However, there have been many high-profile cyber attacks in the DeFi domain, such as exploiting weaknesses in consensus mechanisms as well as smart contracts that enable attacks on cryptocurrency exchanges and wallets … Since CBDCs may use novel technologies such as DLT and smart contracts, they too could be exposed and vulnerable to the type of attacks that were successfully made in the DeFi domain.”  
 

Moving forward 

  • Through the new cybersecurity framework provided by the BIS Innovation Hub, technology providers now have access to valuable insights that can guide them in implementing more secure CBDC systems.    
  • The BIS papers also provide information to help countries such as Mauritius and the UK, which are currently exploring potential CBDCs, make informed decisions as they approach implementation.
  • As the papers highlight, the push for a more secure CBDC system will prompt central banks to consider the strength of other operators needed in the ecosystem, such as commercial banks and merchant partners, since the goal of a CBDC is to eventually play a key role in the overall payment ecosystem of a given jurisdiction.