A Cyber Security Plan For Digital Currency

Uploaded on 2023-08-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY-Key Areas-Blockchain

The Bank for International Settlements (BIS) has laid out a seven-point plan designed to help countries prevent cyber hacks on the new wave of digital national currencies, which are under development. About 130 countries are now exploring Central Bank Digital Currencies (CBDC) to keep up with technological change, but there are worries that the online nature of them could make them a major target for criminals and hostile states.

The BIS acts as an umbrella body for the US Federal Reserve, European Central Bank, Bank of England and other central banks around the world and has been coordinating a lot of work on CBDC development. Now, in two interlinked reports it warned that CBDC systems were, “complex, with a large attack surface and many potential points of failure, bringing new and elevated risks.”

Analysis of past cyber attacks also revealed “gaps” in the security attack modeling systems of the more technologically advanced CBDCs and that the “mean time to attack”,  the time it took for hackers to successfully compromise a blockchain-type setup, was only around 10 months on average.

“This is a key point to note for central banks about to launch a CBDC, they must be thoroughly prepared to adequately monitor and repel both well understood and novel” cyber attacks, the BIS said.

The worry is that a successful attack on a CBDC could seriously erode public confidence in the new currencies as well as the central banks themselves and the wider financial system.

Hackers have struck a number of central banks in recent years from New Zealand to Bangladesh. According to crypto research firm Elliptic, users of crypto currency, non-fungible tokens and other digital assets lost $10.5 billion due to theft in 2021.

The BIS called its seven-point plan the "Polaris security and resilience framework".

Specifically, it calls on central banks to:

  • Recognise the complexity and new threat landscape brought by CBDC systems.
  • Adopt modern enabling technologies supporting security and resilience where appropriate.
  • Take stock of existing capabilities that could be used by a CBDC system.
  • Identify areas that need to improve and new capabilities that need to be implemented.

It also called for central banks to use the global MITRE ATT&CK database of past cyber attacks, and for an “official extension” of the MITRE ATT&CK framework to help central banks strengthen their security measures.

BIS:     BIS:     Business Insurance:    Reuters:   Economic Times:     Yahoo

You Might Also Read: 

Crypto Currency: From Bitcoin to Blockchain:  

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Who Practices Digital Safety Better, Mac Or Windows Users?
TrueBot: Cyber Security Agencies Issue A Warning »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

Yokogawa Electric

Yokogawa Electric

Yokogawa is an electrical engineering company providing measurement, control, and information technologies including industrial cyber security.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

National Center for Manufacturing Sciences (NCMS) - USA

National Center for Manufacturing Sciences (NCMS) - USA

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

Savanti Consulting

Savanti Consulting

Savanti provides practitioner-led cyber security services tailored to meet each organisation’s unique requirements.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

Akito

Akito

Akito was set up to become a point of reference in the ICT market for issues related to Security and in particular Cyber Security.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Ronet Cyber Security

Ronet Cyber Security

Ronet Cyber Security offers crypto forensics services for regulators, law enforcement, companies and individuals to ensure that your transactions are safe and secure.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.