
Bank for International Settlements Wants to Protect CBDCs From DeFi Hacks

Updated by Michael Washburn

In Brief

  • Project Polaris by the Bank for International Settlements outlines a framework to protect CBDCs from cyber threats.
  • The framework will require banks to assess their operations, including data protection and business continuity plans.
  • The BIS model assumes a two-tier CBDC system where commercial banks handle retail functions and anti-money laundering.

The Bank for International Settlements’ new Project Polaris will investigate how to protect retail central bank digital currency (CBDC) operations from risks posed by cyber threats.

The BIS said a hack of the Bangladesh Bank and numerous decentralized finance hacks in 2022 underscore the need to harden the infrastructure that banks intending to issue CBDCs must use. Threat actors could destabilize economies and erode trust in central banks if retail CBDC operations are not protected by a resilient cybersecurity framework.

BIS Says Fighting Cyber Threat Risk in Two-Tier CBDC System Needs Cooperation

The BIS model assumes a two-tier CBDC system where the central bank knows the balances of each member. Commercial banks handle retail functions and are responsible for anti-money laundering enforcement.

Figure: Resilience Framework to Combat CBDC Cyber Threats (Project Polaris resilience framework to protect a retail CBDC system from risks posed by cyber threats) | Source: Bank for International Settlements

Dubbed Project Polaris, the new resilience framework will prompt banks to assess their baseline operations, including management structures, plans for business continuity, and how they protect data. Then, they can streamline software security testing through DevSecOps, a method to develop software quickly without compromising security. Other important considerations include zero-trust technologies.

Moreover, banks need to assess threats to core CBDC operations and the responsibilities each party has. Retail endpoints must be hardened and user data protected with established methods to prevent leaks. In addition, each bank should have a dedicated emergency team, and the CBDC system must scale to minimize the risk of denial of service attacks.

Banks must also share cyber intelligence, establish a normal transactional activity baseline, and conduct regular security checks.

AnChain.ai, a company using artificial intelligence to fight cyber threats in DeFi, says the time a project takes to detect a hack is seven days.


Like in the BIS framework, cloud services and wallet frontend endpoints expand the attack surface for Web3 users. AnChain’s Web3SOC cyber risk framework shares best practices from the National Institute of Standards with the BIS proposals.

Retail CBDC Payments Like Digital Euro Still Theoretical

So far, major economies and banks have largely focused on testing settlements between banks rather than retail payments. Concerns abound about whether banks would abandon their data privacy policy.

The UK’s Project Rosalind, which successfully tested retail peer-to-peer payments last month, is an exception.

Elsewhere, European Union citizens are not keen on the window a digital euro would offer into their personal transactions. Additionally, the public consensus is that the project could be a solution in search of a problem.

The UK tested a Real-Time Gross Settlement System earlier this year to help banks settle transactions faster. FedNow, a similar project aimed at US banks, has onboarded 57 trial participants. It will roll out in late July.

Yesterday, the New York Fed confirmed a trial with BNY Mellon, Citigroup, Morgan Stanley, and others, proving a wholesale CBDC’s speed advantage.


David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...