BIS Develops Framework Against CBDC Cyberattacks

The Bank for International Settlements (BIS) published a program to protect central bank digital currencies (CBDC) from cyberattacks due to the growing number of attacks on the DeFi sector.

As part of the BIS’s Project Polaris, a report detailing a security framework for CBDC systems was published. The BIS officials note that the framework they’ve developed will ensure the confidentiality, integrity, and availability of transactions using government digital currencies. 

According to the report, CBDCs should be designed to:

• have the ability to dynamically scale to respond to a sudden surge in transaction volume;
• have no single point of failure;
• operate 24/7 without downtime;
• function even if the issuing financial institution experiences problems.

In the report, the BIS analysts identified seven key steps, comprising 104 phases, to provide a secure environment for CBDC projects. Each of these steps is designed to protect CBDCs from various security threats, not only at the IT development level, but also at the project management control level.

Here are some of them:

1. The central bank must allocate sufficient resources to implement and manage the CBDC security and resilience program.
2. Establishing communication with relevant supervisory authorities regarding reporting and resolution of incidents affecting the CBDC system should be established.
3. Developing a detailed plan to respond to potential threats and testing and updating it regularly.
4. Systematically conducting internal and external security audits.
5. Ensuring protection against DDoS attacks and malware, including ransomware.
6. Regularly checking the integrity of hardware. 
7. Ensuring that CBDC wallets can interoperate with each other even in the event of failures or other technical issues with providers. 

The report also states that to fulfill the established framework, the BIS calls on central banks to set up a special council to oversee the implementation of all steps and phases. This board should include not only technical and security experts, but also representatives of bank management.

Representatives of the Bank for International Settlements believe that CBDCs and tokenized assets can form a basis for a new financial market infrastructure. Thus, within the framework of Project Polaris, the BIS has already studied the possibility of using CBDCs for offline payments, emphasizing the potential privacy threats associated with them. As a result of Project Icebreaker, the organization reported on the successful testing of CBDCs for cross-border payments.