BIS advises central banks to plan in advance for CBDC security

News Feed - 2023-11-30 03:11:00

Derek Andersen5 hours agoBIS advises central banks to plan in advance for CBDC securityFrom legal issues to hackers, launching a CBDC is fraught with risks, and BIS has a big list of them to consider.3580 Total views5 Total sharesListen to article 0:00NewsJoin us on social networksIssuing a central bank digital currency (CBDC) requires adequate attention to security, the Bank for International Settlements (BIS) reminded central bankers in a report on Nov. 29. An integrated risk-management framework should be in place starting at the research stage, and security should be designed into a CBDC, the report said.

The risks associated with CBDCs will vary across countries, as conditions and goals vary, and they will change over time, requiring continual management. These risks can be broken down into categories and a wide array of individual factors, the study demonstrated. The risks grow with the scale and complexity of the CBDC. In addition:“A key risk are [sic] the potential gaps in central banks’ internal capabilities and skills. While many of the CBDC-related activities could in principle be outsourced, doing so requires adequate capacity to select and supervise vendors. […] A number of operating risks for CBDC stem from human error, inadequate definitions or incomplete planning.”

Cybersecurity may be challenged by other countries, hackers, users, vendors or insiders. The study identified 37 potential “cyber security threat events” from eight specific risks. Distributed ledger technology may be unfamiliar to a central bank and so not undergo full vetting or cause overdependence on third parties.

Related: Security audits ‘not enough’ as losses reach $1.5B in 2023, security professional says

The study suggests an integrated risk management framework to mitigate CBDC risks.Proposed CBDC resilience framework. Source: BIS

Despite the limited use of CBDCs in real life so far, several examples of risk management failure can be found. China found it was unprepared for the data storage requirements after it launched its digital yuan pilot. The Eastern Caribbean Central Bank’s DCash, a live CBDC, suffered a two-month outage in early 2022 due to an expired certificate in the software.The head of the Bank for International Settlements (@BIS_org) has highlighted the need for vigilance and preparedness for the “constantly evolving” security challenges facing central bank digital currencies (#CBDCs) in a keynote speech #CBDC #cybersecurity— Global Government Fintech (@GlobeGovFintech) November 13, 2023

On the other hand, the DCash pilot project had been considerably expanded the previous year to provide support in Saint Vincent and the Grenadines after a volcanic eruption there, improving the currency’s resilience, the study reminded.

Magazine: HTX hacked again for $30M, 100K Koreans test CBDC, Binance 2.0: Asia Express# Central Bank# Adoption# Cybercrime# Cybersecurity# BIS# CBDCAdd reactionAdd reactionRead moreSolana’s genesis story: Anatoly Yakovenko’s vision for a high-performance blockchainMainstream approval critical for blockchain games — Gaming execsLazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic