An international financial institution owned by the world’s central banks has published a new framework designed to help members mitigate cyber risks associated with their digital currencies.
A number of countries including the US and UK are developing central bank digital currency (CBDC) systems. The Bank of England has claimed that a “digital pound” would help it provide an “anchor of confidence in our monetary system” and “improve the options people have for making payments.”
However, there’s also an acute and persistent cyber-threat to digital currencies from both financially motivated cybercrime groups and even nation states.
Read more on digital currency threats: US Regulators Warn Banks About Cryptocurrency Security Risks
That’s why the Bank of International Settlements (BIS) on Friday published Project Polaris, a security and resilience framework and threat modelling exercise for CBDCs.
“A breach of a CBDC system due to cyber-attacks or technical failures could erode confidence and trust in the infrastructure, a central bank and potentially the financial system, in addition to generating a range of reputational, operational and legal effects,” the BIS said.
“Many central banks already have robust cybersecurity and resilience measures in place and adhere to the highest of industry standards in controls and risk management. However, risks cannot be fully eliminated and it is critical that senior leadership is aware of potentially new and elevated threats facing CBDC systems, so an appropriate risk management and mitigation strategy can be established.”
The framework features 100 control objectives built around a seven-step plan for security and resilience: prepare, identify, protect, detect, respond, recover, adapt.
BIS said central banks will be able to use the framework to:
- Better understand a new and complex CBDC threat landscape
- Adopt the right technologies for security and resilience
- Understand where existing capabilities could be used for a CBDC system
- Identify the capabilities that need to mature
- Identify new capabilities that will need to be implemented
The framework is intended to serve as a baseline and will be updated regularly as the threat landscape and CBDC technologies evolve.
“Cybersecurity and resilience are essential to underpinning trust in CBDC systems so they work for everyone in society whenever and wherever,” argued Beju Shah, head of the Nordic Centre BIS Innovation Hub. “This framework can help guide central banks in their CBDC initiatives.”