The Bank of International Settlements (BIS) has released a report detailing its plan to protect central bank digital currencies (CBDCs) against the kinds of hacks and breaches affecting decentralized finance. The report highlights that CBDCs would be considered critical national infrastructure, similar to the treatment of real-time gross settlement (RTGS) systems.
Protecting CBDCs from DeFi cyber attacks
The BIS Innovation Hub Nordic Centre has published the BIS framework for CBDC systems. This framework considers how the rapid rise of the digital environment and the interconnection of parties and devices reliant on the internet and telecommunications networks have produced a diversified, complex, and quickly changing cyber threat landscape.
Notably, the framework focuses on cyber attacks of the kind seen in the DeFi industry that could endanger CBDCs that use DLT and smart contract technology. According to the report, the large-value attacks against DLT protocols and smart contracts in the DeFi area highlight the possible operational and reputational dangers. Recent smart contract hacks that resulted in the loss of a lot of value in DeFi illustrate the potential security threats CBDC systems could encounter.
BIS suggests these dangers could include DLT-related attacks on consensus protocols, cross-chain bridges, oracles, smart contracts, and offline CBDC components.
BIS suggests a CBDC security design
The BIS framework, released on Thursday, is a component of Project Polaris, which seeks to develop “secure and resilient CBDC systems, offline and online.” Project Polaris aims to provide a framework for CBDC design, implementation, planning, and operational considerations to central banks worldwide.
The framework advises central banks to develop “security and resilience functional teams” and enhance their protocols to thwart these attacks. These teams would be involved in every stage of a CBDC program to guarantee that the specifications are implemented to defend against cyber attacks.
The report also states that central banks should acknowledge the complexity and new threat environment brought on by CBDC systems and, where appropriate, deploy cutting-edge enabling technology supporting security and resilience. The framework serves as a baseline. To keep up with changes to CBDC systems and the cyber threat landscape, it will need to be periodically updated in collaboration with the central bank community, the public sector, and private entities that might participate in a CBDC ecosystem.