The Bank for International Settlements (BIS) recently shared a seven-point plan to help nations prevent cybersecurity incidents and hacks, in response to the new wave of national digital currencies, or central bank digital currencies (CBDCs), currently under development.
Approximately 130 different countries are currently exploring the feasibility of issuing their own CBDCs in order to keep pace with technological breakthroughs. However, there are concerns that the digital nature of these financial instruments might make them a key target for bad actors and hostile or overly aggressive nation-states.
The BIS serves, in some ways, as an umbrella entity for the US Federal Reserve, European Central Bank, Bank of England and other reserve banks across the globe, and has been co-ordinating CBDC-related development work for the past few years.
In reports released this past Friday, the organization cautioned the general public that CBDC systems were “complex, with a large attack surface and many potential points of failure, bringing new and elevated risks.”
Analysis of previous cyberattacks has now identified certain “gaps” in the security attack modelling systems of the technologically sound CBDCs, and found that the “mean time to attack” (the time it takes for cybercriminals or hackers to compromise a blockchain/DLT-type set-up) was about 10 months in an average case.
The BIS noted that this is a key point for central banks: when “about to launch a CBDC, they must be thoroughly prepared to adequately monitor and repel both well understood and novel” cyber attacks.
The main concern is that an effective attack on a CBDC might erode public and consumer confidence in these new forms of virtual currencies, and even in the reserve banks and the broader financial ecosystem.
During the past few years, hackers have managed to attack reserve banks from Denmark all the way to Bangladesh.
Research shared by Elliptic reveals that users of digital currency, non-fungible tokens (NFTs) and other forms of virtual assets lost $10.5 billion because of cyber-theft in 2021.
The BIS now recommends its 7-point plan, the “Polaris security and resilience framework”.
It calls on reserve banks to:
- Recognize the complexity and new threat landscape brought by CBDC systems.
- Adopt modern enabling technologies supporting security and resilience where appropriate.
- Take stock of existing capabilities that could be used by a CBDC system.
- Identify areas that need to improve and new capabilities that need to be implemented.
It also called for reserve banks to use the global “MITRE ATT&CK” database of previous cyber attacks and incidents, and for an “official extension” of the MITRE ATT&CK framework to assist central banks in strengthening their security measures.