A Cyber Security Plan For Digital Currency

Uploaded on 2023-08-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY-Key Areas-Blockchain

The Bank for International Settlements (BIS) has laid out a seven-point plan designed to help countries prevent cyber hacks on the new wave of digital national currencies, which are under development. About 130 countries are now exploring Central Bank Digital Currencies (CBDC) to keep up with technological change, but there are worries that the online nature of them could make them a major target for criminals and hostile states.

The BIS acts as an umbrella body for the US Federal Reserve, European Central Bank, Bank of England and other central banks around the world and has been coordinating a lot of work on CBDC development. Now, in two interlinked reports it warned that CBDC systems were, “complex, with a large attack surface and many potential points of failure, bringing new and elevated risks.”

Analysis of past cyber attacks also revealed “gaps” in the security attack modeling systems of the more technologically advanced CBDCs and that the “mean time to attack”,  the time it took for hackers to successfully compromise a blockchain-type setup, was only around 10 months on average.

“This is a key point to note for central banks about to launch a CBDC, they must be thoroughly prepared to adequately monitor and repel both well understood and novel” cyber attacks, the BIS said.

The worry is that a successful attack on a CBDC could seriously erode public confidence in the new currencies as well as the central banks themselves and the wider financial system.

Hackers have struck a number of central banks in recent years from New Zealand to Bangladesh. According to crypto research firm Elliptic, users of crypto currency, non-fungible tokens and other digital assets lost $10.5 billion due to theft in 2021.

The BIS called its seven-point plan the "Polaris security and resilience framework".

Specifically, it calls on central banks to:

  • Recognise the complexity and new threat landscape brought by CBDC systems.
  • Adopt modern enabling technologies supporting security and resilience where appropriate.
  • Take stock of existing capabilities that could be used by a CBDC system.
  • Identify areas that need to improve and new capabilities that need to be implemented.

It also called for central banks to use the global MITRE ATT&CK database of past cyber attacks, and for an “official extension” of the MITRE ATT&CK framework to help central banks strengthen their security measures.

BIS:     BIS:     Business Insurance:    Reuters:   Economic Times:     Yahoo

You Might Also Read: 

Crypto Currency: From Bitcoin to Blockchain:  

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Who Practices Digital Safety Better, Mac Or Windows Users?
TrueBot: Cyber Security Agencies Issue A Warning »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Site24x7

Site24x7

Site24x7 is an all-in-one performance monitoring solution for Networks, Websites, Servers and Applications.

KZ-CERT

KZ-CERT

KZ-CERT is the national Computer Emergency Response Team for Kazakhstan.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

Newtech Recycyling

Newtech Recycyling

Newtech Recycyling specializes in the removal and disposal of IT infrastructure which has reached the end of its life cycle.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

ContraForce

ContraForce

ContraForce is a threat detection and response software providing complete visibility across cloud, network, endpoints, user, and email with the ability to target and block threats in real-time.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.