The Bank for International Settlements (BIS) recently released a framework aimed at protecting central bank digital currencies (CBDCs) from cybersecurity risks.
According to BIS, cyber attacks on critical infrastructure are among the top five risks that could have the greatest impact on a global scale.
“Central bank digital currency (CBDC) systems would be considered a critical national infrastructure, much like real-time gross settlement (RTGS) systems are today. Recent examples of smart contract hacks, which have led to the loss of a significant amount of value in DeFi, serve as an example of the potential security risks CBDC systems could face.”
In the report, the BIS emphasized the importance of security frameworks in ensuring the confidentiality, integrity, and availability of CBDC transactions.
The framework says CBDCs must possess inherent capabilities to adapt and accommodate sudden increases in transaction volumes, ensuring their scalability. They should be designed without any vulnerable points that could result in system failure. Additionally, CBDCs should operate continuously without interruptions, even if the underlying financial institution encounters technical issues or outages.
Collectively, the seven procedures outlined in the framework encompass a total of 104 control objectives. These objectives include actions such as:
- Implementing a continuous monitoring and alerting system that operates around the clock
- Conducting thorough assessments of the security of cryptographic keys
- Employing a Distributed Denial of Service (DDoS) protection service to mitigate excessive network traffic
To effectively implement the framework, the BIS recommended the creation of a central bank senior leadership and board, the appointment of a chief security officer, and the formation of various teams specializing in information technology, security, and stakeholder management.
Specifically, central banks could use the framework to:
- Recognise the complexity and new threat landscape brought by CBDC systems
- Adopt modern enabling technologies supporting security and resilience where appropriate
- Take stock of existing capabilities that could be leveraged for a CBDC system
- Identify the capabilities that need to mature
- Identify new capabilities that would need to be implemented