CBDCs require governments to put a special focus on security

Published at: Sept. 6, 2022

Today’s financial world is becoming increasingly digitized, and naturally, central banks want to adapt to the changing environment. The use of cash is rapidly declining. Globally, the rise of digital payment apps and COVID-19 have only accelerated the decline in cash usage, fueling interest in digital currencies and demand for easier payment solutions.

As crypto adoption continues to expand, the idea of central bank digital currencies (CBDCs) has also gained momentum. Governments across the world have been flirting with, and examining, the idea of issuing their own CBDCs, with a handful already launching.

It isn’t clear when CBDCs will become normalized. Don’t expect CBDCs to resemble Bitcoin’s (BTC) decentralized characteristics because, by definition, a central bank is a centralized entity. That being said, they can provide some of the same benefits, such as reducing payment verification times and providing proof of transaction. There are, however, still quite a few challenges to overcome.

Related: Built to fall? As the CBDC sun rises, stablecoins may catch a shadow

Among these challenges are the operational risks of the “cyber sphere.” While banks are accustomed to investing resources in safeguarding their “fiat” reserves, safeguarding digital currencies requires a different mindset. Blockchain technology has some inherent vulnerabilities — including anonymity and irreversibility — that can be exploited by clever scammers. Although, it’s not clear if CBDCs will leverage blockchain technology.

Could CBDCs potentially expose central banks to new types of cyber threats? And how would these potential threats or vulnerabilities manifest themselves?

Cybersecurity isn’t easy

Hackers have become increasingly sophisticated and brazen in their attacks over the last few years. Both traditional finance and blockchain protocols find themselves victims of malicious intent. In fact, Denmark’s central bank was hacked as part of the SolarWinds operation in late 2020. This should sound alarm bells for governments everywhere.

Imagine a group of dedicated hackers finds, penetrates and gains access to a backdoor that gives them control of the central bank’s private key. Private keys are the most important elements of a blockchain system, as any transactions conducted with the private key are registered by the system as valid and secure. At this point, the bulk — or a significant chunk — of the country’s treasury could effectively be held hostage by a criminal organization. The hacker could mint or burn digital currency at will.

An influx or reduction in a digital currency could affect the value of the genuine currency, have an impact on consumers through inflation, and lead to monetary losses for companies. A breach to this extent could be catastrophic and potentially lead to the devastation of the nation’s entire economy. Of course, an attack of this scale would be far too advanced for even some of the most talented criminal masterminds, but the threat cannot be dismissed. Such an attack would be unprecedented, so predicting the aftermath is anyone’s guess. But it wouldn’t be pretty: The world’s economic and political order and stability would, undoubtedly, be tested.

Clearly, any government would spend top dollar on cyber defenses to protect its newly established digital infrastructure. But simply investing an abundance of resources isn’t a guarantee against hacks. Naturally, any central bank launching a digital currency would be an attractive target.

So how can a country that is determined to launch its own CBDC protect its treasury from criminals trying to steal it?

Securing the national treasury

Disincentivizing malicious cyber attackers is no easy task — they are always on the lookout for new and rewarding targets while exploiting the slightest vulnerabilities. Crypto hackers are adept at identifying attack surfaces, exploiting them, injecting malicious code, and taking control of individuals’ and organizations’ private keys.

Banks invest millions, if not billions, each year to defend their databases and IT infrastructure. Various security layers are employed to protect against hackers, inside jobs or unintentional leakage of sensitive information. While banks are familiar with information security, safeguarding digital assets requires a vastly different approach than traditional assets.

If they decide to leverage blockchain, central banks must consider how existing banking frameworks can be adapted to blockchain’s distributed architecture, with extra attention paid to the system architecture, governance and consensus mechanisms.

When it comes to safeguarding a nation’s treasury, there is no such thing as “too secure.” In the case of CBDCs, banks must take great measures to protect and defend their private keys. Today’s custody solutions have come a long way, and yet, almost all of them suffer from the same deficit. Due to the anatomy of a blockchain transaction, all transactions must be conducted while connected to the internet at some point.

Related: US central bank digital currency commenters divided on benefits, unified in confusion

This connectivity is their single point of failure and the reason they cannot be 100% secure. It is suggested that governments find a “never internet-connected” solution to store and manage the private keys while issuing the CBDCs, providing custody and conducting on-chain settlements.

Most central banks are rightfully taking their time and conducting all the necessary due diligence to weigh the risks and rewards of CBDCs properly. Some may actually decide to push off their involvement, especially given the crypto market’s volatility. But any nation implementing a CBDC in the near future must make sure it’s ready to defend its digital assets and, most importantly, its private keys.

When it comes to blockchain, central banks should completely rethink everything they know about IT security needs. Only then can they launch their digital currencies with enough peace of mind.

Lior Lamesh is the co-founder and CEO of GK8, a blockchain cybersecurity company that offers a custodial solution for financial institutions. Having honed his skills in Israel’s elite cyber team reporting directly to the prime minister’s office, Lior led the company from its inception to a successful acquisition for $115 million in November 2021. In 2022, Forbes put Lior and his business partner Shahar Shamai on its 30 Under 30 List.

Tags
Adoption
Cryptocurrencies
Government
Central Bank
Banking
Cbdc
Cybersecurity
Banks
Security
Related Posts
What form of digital assets will be the future of payments?
We’re living in a time where digital assets are moving towards mainstream adoption. From retail customers to traditional banks and financial service providers, digital assets are on the rise. Many of these assets promised to disrupt financial markets and large incumbents, and while they have received widespread attention, they haven’t quite achieved their potential. That said, large institutions are taking notice — 86% of the world’s central banks are exploring digital currencies, according to a report by the Bank for International Settlements. They recognize that despite being in a golden age of innovation, payment systems remain somewhat archaic. And so, …
Adoption / Aug. 7, 2021
Digital ruble could be still vulnerable to fraud, Russian banks warn
Russia’s central bank digital currency, or CBDC, could contain a number of risks related to cybersecurity and fraud, according to several local financial institutions. The Association of Russian Banks, or ARB, has released its official feedback on Russia’s digital ruble project on Jan. 13. The study included 17 ABR credit institutions in Russia accounting for 58% of the total assets of the domestic banking system. According to the report, the majority of ARB members believe that risks associated with the digital ruble are similar to those of cashless transactions powered by banking accounts and cards, as well as cryptocurrencies. The …
Technology / Jan. 13, 2021
UK will likely need to issue a digital currency, says BoE deputy governor
The Bank of England's deputy governor Jon Cunliffe has argued that a sea change in the issuance and circulation of public and private monies could make general access to a digital form of central bank money crucial for ensuring financial stability in future. In a speech at the OMFIF Digital Money Institute in London, Cunliffe reflected on past, present and future trends in the widespread use of private money issued by commercial banks, noting that the COVID-19 pandemic has accelerated existing trends away from public to private money for everyday payments. About 70% of respondents to a recent Bank of …
Adoption / May 14, 2021
China’s Central Bank Completes Top-Layer Design and Joint Tests of Planned CBDC
The central bank of China has completed the top-layer design and joint testing of its soon-to-be-released central bank digital currency (CBDC). As domestic news outlet Sina reported on Jan. 10, People’s Bank of China (PBoC) accomplished the top-layer design of the planned digital yuan, developed relevant standards, carried out research and development and a joint testing of the CBDC. The bank set forth the latest developments in a dedicated article, also highlighting plans to improve cybersecurity of the financial industry network and formulate rules for the accreditation of critical information infrastructure. First real-world tests Reports about China planning to conduct …
Adoption / Jan. 10, 2020
Japanese Official Calls for Urgent Development of Digital Yen to Counter China
Another Japanese lawmaker has publicly called for the swift development of the digital yen. The head of the banking and finance systems research commission at Japan's Liberal Democratic Party, Kozo Yamamoto, said today that the country should create a digital yen in two to three years. Reuters reported on Feb. 10 that Yamamoto said that plans for its central bank digital currency (CBDC) should be included in the government’s mid-year policy guidelines. He explained that digital currencies could quickly spread in emerging economies and help China — who is working on a CBDC — advance its digital hegemony. Because of …
Blockchain / Feb. 10, 2020