A Cyber Security Plan For Digital Currency

The Bank for International Settlements (BIS) has laid out a seven-point plan designed to help countries prevent cyber hacks on the new wave of digital national currencies, which are under development. About 130 countries are now exploring Central Bank Digital Currencies (CBDC) to keep up with technological change, but there are worries that the online nature of them could make them a major target for criminals and hostile states.

The BIS acts as an umbrella body for the US Federal Reserve, European Central Bank, Bank of England and other central banks around the world and has been coordinating a lot of work on CBDC development. Now, in two interlinked reports it warned that CBDC systems were, “complex, with a large attack surface and many potential points of failure, bringing new and elevated risks.”

Analysis of past cyber attacks also revealed “gaps” in the security attack modeling systems of the more technologically advanced CBDCs and that the “mean time to attack”,  the time it took for hackers to successfully compromise a blockchain-type setup, was only around 10 months on average.

“This is a key point to note for central banks about to launch a CBDC, they must be thoroughly prepared to adequately monitor and repel both well understood and novel” cyber attacks, the BIS said.

The worry is that a successful attack on a CBDC could seriously erode public confidence in the new currencies as well as the central banks themselves and the wider financial system.

Hackers have struck a number of central banks in recent years from New Zealand to Bangladesh. According to crypto research firm Elliptic, users of crypto currency, non-fungible tokens and other digital assets lost $10.5 billion due to theft in 2021.

The BIS called its seven-point plan the "Polaris security and resilience framework".

Specifically, it calls on central banks to:

  • Recognise the complexity and new threat landscape brought by CBDC systems.
  • Adopt modern enabling technologies supporting security and resilience where appropriate.
  • Take stock of existing capabilities that could be used by a CBDC system.
  • Identify areas that need to improve and new capabilities that need to be implemented.

It also called for central banks to use the global MITRE ATT&CK database of past cyber attacks, and for an “official extension” of the MITRE ATT&CK framework to help central banks strengthen their security measures.

BIS:     BIS:     Business Insurance:    Reuters:   Economic Times:     Yahoo

You Might Also Read: 

Crypto Currency: From Bitcoin to Blockchain:  


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Who Practices Digital Safety Better, Mac Or Windows Users?
TrueBot: Cyber Security Agencies Issue A Warning »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

Westermo Network Technologies

Westermo Network Technologies

Westermo designs and manufactures robust, resilient and secure data communications products for mission-critical industrial systems.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

Symantec Ventures

Symantec Ventures

Symantec Ventures is an active, strategic partner at key stages of a startup’s growth. We are dedicated to helping visionary entrepreneurs protect the Cloud Generation.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

ISECURION Technology & Consulting

ISECURION Technology & Consulting

ISECURION is an information security consulting company. We provide a unique blend of services to our customers catering to the current information security landscape.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.