The Bank for International Settlements (BIS) Innovation Hub Nordic Centre just released two papers as part of Project Polaris, delving into the intricate world of cybersecurity surrounding central bank digital currencies (CBDCs). The papers offer valuable insights into threat assessments derived from the decentralized finance (DeFi) realm and present a comprehensive CBDC cybersecurity framework. The Nordic BIS Innovation Hub’s aim is to aid central banks and technology providers in identifying and addressing potential risks in this rapidly evolving landscape.
Understanding Threat Assessments: Lessons from DeFi
The first paper released last Friday focuses on threat assessments by leveraging learnings from the DeFi sphere, shedding light on the potential risks associated with CBDC implementation. It highlights the existing and novel cybersecurity risks, drawing attention to the programmable and automated nature of digital currencies. By citing instances of DeFi smart contract hacks, the document emphasizes the potential magnitude of losses resulting from security breaches.
The CBDC Cybersecurity Framework
The second paper also released in the same period provides a comprehensive CBDC cybersecurity framework, recognizing the complexity and extensive attack surface of a potential CBDC system. Addressing the increased risks associated with the adoption of novel technologies such as distributed ledger technology (DLT) and smart contracts, the framework aims to assist central banks and jurisdictional bodies in developing robust security measures.
Identifying Potential Threat Actors
The BIS Innovation Hub’s research identifies a wide range of potential threat actors targeting CBDCs. These include nation states or nation state-sponsored groups, organized crime groups, hacktivist groups, lone hackers, professional criminals, insiders, malicious end users, hacked third-party tech providers, natural or human-caused disasters, cyber warfare vendors, and even AI bots. Basically, recognizing the diverse range of adversaries underscores the need for comprehensive security measures for these digital assets.
The Seven-Step Framework: Addressing Risks and Preparing for the Future
In response to the identified threats, project Polaris introduces a seven-step framework to tackle the cybersecurity risks surrounding CBDCs. This framework, consisting of Prepare, Identify, Protect, Detect, Respond, Recover, and Adapt, serves as a guide for central banks to proactively address potential vulnerabilities. Each step within the framework includes a detailed checklist, providing central banks and technology providers with a comprehensive overview of security considerations.
Implications and Opportunities
The CBDC cybersecurity framework outlined by the BIS Innovation Hub has broader implications for central banks and technology providers. By identifying areas that require development, both internally and across jurisdictions, central banks can ensure the robustness of their CBDC systems. Additionally, the framework offers valuable insights to technology providers, guiding them in meeting the expectations and seizing the opportunities presented by CBDC implementation.
Offline CBDC Options Explored
In addition to the papers on cybersecurity, Project Polaris has also produced a book outlining offline CBDC options. This comprehensive exploration of offline CBDC mechanisms serves as a valuable resource for central banks and stakeholders, offering alternative approaches and enhancing the understanding of offline transaction capabilities.
Final Thoughts
As central banks and governments worldwide explore the potential of CBDCs, addressing the cybersecurity risks associated with these digital currencies becomes paramount. The BIS Innovation Hub’s Project Polaris contributes valuable knowledge and tools, enabling central banks and technology providers to navigate the complexities of CBDC implementation and protect the integrity of the financial ecosystem.