In our previous article, we defined Central Bank Digital Currencies and outlined the appeal and drawbacks of the technology in comparison to the current financial system.
Arguably, the most prominent concern of major economies issuing CBDCs is cyber security. Breaches can result in significant, instantaneous, and widespread damage. Developers must exceedingly fortify security from inception. Like any digital payment system, it has drawbacks under intense scrutiny throughout the development and pilot testing stages (Hansen and Delak, 2022. Minwalla, 2020).
From the WEF whitepaper on CBDCs (2021), a paper from The Bank of Canada (2020), an IMF paper (2020) and our input – we can distil and outline seven main areas for consideration for their long-term success.
Large Scale Attack
Malicious insiders with privileged control such as freezing, transferring, withdrawing funds without the account holder’s consent are obvious causes for concern.
Central banks and third-party intermediaries must have a robust security system and response plans in place – potentially involving multi-party and multiple-factor authentication mechanisms to mitigate this potential vulnerability.
Typical credential theft methods such as social engineering, malware, and side-channel attack will likely be employed against individuals, organisations, and institutions.
Security features such as two-factor authentication (2FA) or even multi-party are also likely to be used. However, they come with user experience drawbacks. Credential and monetary recovery is an essential function that needs close consideration – legacy system recovery methods (using privileged actors) may be applicable but will likely require careful augmentation.
A crucial aspect in the success of CBDCs is the level of system corruptibility.
There are a few potential threats to the integrity of CBDCs, such as counterfeit and double-spending – injecting false value through transacting duplicates of the held amount.
Additional mechanisms must be developed to reliably flag and eradicate duplicate spending.
Potential routes include consensus mechanisms on the distributed ledger and tamper-proof mechanisms in hardware devices such as spend frequency flags and restrictions.
General CBDCs will use personally identifiable information (PII) such as ‘know your customer’ (KYC).
Unlike physical cash, transactions are on record as a part of their use case to dramatically hinder money laundering (AML), terrorist financing (ATF), and other crime. Central banks and intermediaries must ensure that this information is kept secure across both physical and virtual planes, as the threat and implication of confidential information theft or loss is relatively high. To mitigate this risk, records of PII should be as minimal as possible, and access to data must require layered protocols.
Threats will emerge parallel to the evolution of computing and the technological foundations that CBDCs are built upon. Permissioned ledgers and centralised systems can be updated and secured quite easily. On the other hand, as previously mentioned, dedicated devices are a liability to a network’s security. A potential security mechanism is an expiry or a limit on device integration. Companies already intentionally hinder the lifespan of their devices. The risks from unpatched devices would fall significantly as a result.
Developers must employ highly robust and agile cyber security solutions from the foundations up to ensure the success of CBDCs and the stability of the financial system. There is a range of aspects under close consideration, with many more minor related challenges extending beyond the scope of this article.
Adversaries and criminal syndicates with enough resources will predictably use persistent attacks and target both – components supporting the infrastructure and the end-users.
Distributed ledger technology (DLT) is vulnerable to persistent attacks as the technology relies on network interaction.
Large scale attacks are commonly denial of service – developers could incorporate variations of DNS level mitigation such as the Cloudflare solution to prevent large scale attacks across all levels of the network(s).
Overall security considerations also include multiple components and sub-components to the networks to isolate and minimise potential damages.
Developers may incorporate interoperability with dedicated devices for offline functionality.
This solves many issues but also creates more potential threats.
In context, network problems or a compromised connection could restrict access to funds. Incorporating dedicated devices and even potential smartphone integration may be a viable user experience enhancing work-around. However, these solutions must be just as rigorously fortified against tampering and other threats such as infected applications hosted on the same device, connection to various unsecured public networks, and more.
We hope this article has given you valuable insight. Click here to learn how we can leverage our industry-leading abilities to secure and enhance your organisation.