A Cyber Security Plan For Digital Currency

The Bank for International Settlements (BIS) has laid out a seven-point plan designed to help countries prevent cyber hacks on the new wave of digital national currencies, which are under development. About 130 countries are now exploring Central Bank Digital Currencies (CBDC) to keep up with technological change, but there are worries that the online nature of them could make them a major target for criminals and hostile states.

The BIS acts as an umbrella body for the US Federal Reserve, European Central Bank, Bank of England and other central banks around the world and has been coordinating a lot of work on CBDC development. Now, in two interlinked reports it warned that CBDC systems were, “complex, with a large attack surface and many potential points of failure, bringing new and elevated risks.”

Analysis of past cyber attacks also revealed “gaps” in the security attack modeling systems of the more technologically advanced CBDCs and that the “mean time to attack”,  the time it took for hackers to successfully compromise a blockchain-type setup, was only around 10 months on average.

“This is a key point to note for central banks about to launch a CBDC, they must be thoroughly prepared to adequately monitor and repel both well understood and novel” cyber attacks, the BIS said.

The worry is that a successful attack on a CBDC could seriously erode public confidence in the new currencies as well as the central banks themselves and the wider financial system.

Hackers have struck a number of central banks in recent years from New Zealand to Bangladesh. According to crypto research firm Elliptic, users of crypto currency, non-fungible tokens and other digital assets lost $10.5 billion due to theft in 2021.

The BIS called its seven-point plan the "Polaris security and resilience framework".

Specifically, it calls on central banks to:

  • Recognise the complexity and new threat landscape brought by CBDC systems.
  • Adopt modern enabling technologies supporting security and resilience where appropriate.
  • Take stock of existing capabilities that could be used by a CBDC system.
  • Identify areas that need to improve and new capabilities that need to be implemented.

It also called for central banks to use the global MITRE ATT&CK database of past cyber attacks, and for an “official extension” of the MITRE ATT&CK framework to help central banks strengthen their security measures.

BIS:     BIS:     Business Insurance:    Reuters:   Economic Times:     Yahoo

You Might Also Read: 

Crypto Currency: From Bitcoin to Blockchain:  


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Who Practices Digital Safety Better, Mac Or Windows Users?
TrueBot: Cyber Security Agencies Issue A Warning »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Physec

Physec

Physec offers innovative security products and solutions for the Internet of Things ecosystem.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Cyberteq

Cyberteq

Cyberteq is an innovative Information and Communication Technology Consulting Company, enabling it’s customers to take full advantage of the latest technologies in a secure manner.

TES

TES

TES is a provider of IT Lifecycle Services, offering bespoke solutions that help customers manage the commissioning, deployment and retirement of Information Technology assets.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

VikingCloud

VikingCloud

VikingCloud (formerly Sysnet Global Solutions) offers organizations an integrated cybersecurity and compliance solution to make informed, predictive, and cost-effective risk mitigation and prevention

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.