BIS advises central banks to plan in advance for CBDC security

cointelegraph.com:

Issuing a central bank digital currency (CBDC) requires adequate attention to security, the Bank for International Settlements (BIS) reminded central bankers in a report on Nov. 29. An integrated risk-management framework should be in place starting at the research stage, and security should be designed into a CBDC, the report said.

The risks associated with CBDCs will vary across countries, as conditions and goals vary, and they will change over time, requiring continual management. These risks can be broken down into categories and a wide array of individual factors, the study demonstrated. The risks grow with the scale and complexity of the CBDC. In addition:

Cybersecurity may be challenged by other countries, hackers, users, vendors or insiders. The study identified 37 potential “cyber security threat events” from eight specific risks. Distributed ledger technology may be unfamiliar to a central bank and so not undergo full vetting or cause overdependence on third parties.

Related: Security audits ‘not enough’ as losses reach $1.5B in 2023, security professional says

The study suggests an integrated risk management framework to mitigate CBDC risks.

Despite the limited use of CBDCs in real life so far, several examples of risk management failure can be found. China found it was unprepared for the data storage requirements after it launched its digital yuan pilot. The Eastern Caribbean Central Bank’s DCash, a live CBDC, suffered a two-month outage in early 2022 due to an expired certificate in the software.

The head of the Bank for International Settlements (@BIS_org) has highlighted the need for vigilance and preparedness for the “constantly evolving” security challenges facing central bank digital currencies (#CBDCs)