Central Bankers Address Cyber Threats to Digital Currencies

andre-francois-mckenzie-iGYiBhdNTpE-unsplash-scaled-e1689048075388

The Bank for International Settlements (BIS), often referred to as the central bankers’ central bank, has unveiled a comprehensive plan to safeguard digital national currencies against cyberattacks. With approximately 130 countries exploring the development of central bank digital currencies (CBDCs), concerns have arisen regarding the potential vulnerabilities of these online assets to criminal activities and hostile state interference. The BIS, acting as an umbrella organization for central banks worldwide, has taken the lead in coordinating efforts to address these risks and ensure the secure implementation of CBDCs.

The Complexity of CBDC Systems
In its recently published reports, the BIS highlighted the complexity of CBDC systems, noting their large attack surface and multiple potential points of failure, which introduce new and heightened risks. The analysis of past cyberattacks also revealed gaps in the security attack modeling systems of technologically advanced CBDCs, with the average “mean time to attack” being only around 10 months for successful compromises of blockchain-type setups.

Preparedness and Monitoring
The BIS emphasized the importance of thorough preparation for central banks planning to launch a CBDC. It stressed the need to adequately monitor and repel both well-understood and novel cyberattacks, as a successful breach could severely undermine public confidence in the new currencies, central banks, and the broader financial system. Recent incidents, including attacks on central banks in Denmark and Bangladesh, serve as reminders of the potential risks involved. According to crypto research firm Elliptic, theft resulted in a staggering $10.5 billion loss for users of cryptocurrencies, non-fungible tokens, and other digital assets in 2021.

The Polaris Security and Resilience Framework
The BIS introduced its seven-point plan, known as the “Polaris security and resilience framework,” to guide central banks in safeguarding CBDCs. The plan calls for central banks to recognize the complexity and new threat landscape brought by CBDC systems, adopt modern enabling technologies to bolster security and resilience, evaluate existing capabilities that can be leveraged, identify areas requiring improvement, and implement new capabilities as necessary. Additionally, the BIS recommends the use of the global MITRE ATT&CK database of past cyberattacks and suggests an official extension of the MITRE ATT&CK framework to assist central banks in enhancing their security measures.

As the development of central bank digital currencies gains momentum worldwide, the BIS has underscored the critical importance of addressing cyber threats. The Polaris security and resilience framework provides valuable guidance to central banks, enabling them to navigate the complexities of CBDC systems and fortify their defenses against cyberattacks. By implementing robust security measures, central banks can instill confidence in CBDCs, protect their integrity, and safeguard the stability of the global financial system.