On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending central bank digital currencies (CBDCs) against cybersecurity threats. The BIS wrote:
“Recent examples of smart contract hacks, which have led to the loss of a significant amount of value in DeFi, serve as an example of the potential security risks CBDC systems could face.”
In its report, the BIS said security frameworks should safeguard the confidentiality, integrity, and availability of CBDC transactions. By design, CBDCs must be able to dynamically scale to respond to a sudden surge in transaction volumes, have no single points of failure, operate 24/7 without outages, and function even if their underlying financial institution experiences an outage. Moreover:
“To organise the control objectives that have been identified and adapted for CBDC systems. This framework therefore has seven steps: Prepare, Identify, Protect, Detect, Respond, Recover and Adapt.”
Together, the seven procedures translate into 104 control objectives such as “24/7 monitoring and alerting function,” doing due diligence “on the security of cryptographic keys,” and “using a DDoS protection service” to alleviate network traffic volume. To execute the framework, BIS called for the establishment of a central bank senior leadership and board, a chief security officer, and various IT, security, and stakeholder teams.
Although cautious about decentralized finance, BIS has adamantly supported the adoption of CBDCs. On June 20, the financial organization published a unified-ledger proposal for cross-border and tokenized asset transactions. In April, BIS concluded a distributed ledger technology pilot with the Bank of England.