Key takeaways:
- BIS has created a framework to protect CBDCs in the DeFi sector from cyberattacks.
- The BIS stated in its study that security frameworks should protect the availability, confidentiality, and integrity of CBDC transactions.
The Bank for International Settlements (BIS), recognized for promoting global monetary and financial stability, has created a framework to protect CBDCs in the DeFi sector from cyberattacks.
On July 7, the BIS released a framework, “Project Polaris,” for safeguarding central bank digital currencies (CBDCs) from cybersecurity threats. The approach focuses on vulnerabilities related to Distributed Ledger Technology (DLT) and smart contract technologies, which CBDCs frequently use. The BIS noted:
“Recent examples of smart contract hacks, which have led to the loss of a significant amount of value in DeFi, serve as an example of the potential security risks CBDC systems could face.”
Earlier smart contract breaches have caused recorded losses in DeFi, which illustrates the security problems that digital currency systems run by central banks may face. The report mentioned:
“The large-value attacks on DLT protocols and smart contracts in the DeFi space underscore the potential operational and reputational risks. Recent examples of smart contract hacks, which have led to the loss of a significant amount of value in DeFi, serve as an example of the potential security risks CBDC systems could face.”
The cyber threat landscape has grown increasingly complex with the expansion of the internet and telecommunications networks. These threats are not confined to online components and could also apply to offline parts of the CBDC infrastructure.
According to the BIS, the threats may come from DLT-related attacks on consensus protocols, cross-chain bridges, oracles, smart contracts, or offline CBDC components.
The BIS stated in its study that security frameworks should protect the availability, confidentiality, and integrity of CBDC transactions. CBDCs are required to run 24 hours a day without interruption, have no single points of failure, be able to scale dynamically to manage a sudden rise in transaction volumes, and continue to function even if their underlying financial institution fails.
Taken as a whole, the framework's seven steps correspond to 104 control goals, such as “24/7 monitoring and alerting function,” “doing due diligence on the security of cryptographic keys,” and “using a DDoS protection service” to reduce network traffic volume.
To carry out the framework, the BIS required the creation of a central bank senior leadership and board, a chief security officer, and numerous information technology, security, and stakeholder teams.
Despite being wary of decentralized finance, the BIS has steadfastly backed the use of CBDCs. The financial institution released a unified-ledger proposal for international and tokenized asset transactions on June 20. A distributed ledger technology agreement between the BIS and the Bank of England was finalized in April.