BIS lays out steps for ‘secure and resilient’ CBDC systems
BIS says a cyber attack on “critical infrastructure” could threaten potential CBDC framework
Proxima Studio/Shutterstock modified by Blockworks
Research into safe and sustainable CBDC systems has continued apace, with the Bank of International Settlements on Friday outlining the agency’s latest steps to provide a “security and resilience framework” for them.
The idea behind the Bank of International Settlements’ paper, published on Friday, was to help banks safeguard against risks when it comes to CBDC implementation.
The paper, dubbed Project Polaris, is designed to get ahead of CBDC launches and protect “critical infrastructure.”
While central banks largely have cyber security measures in place, the introduction and rollout of CBDCs could lead to new risks. While over 100 countries — including the UK and US — are currently exploring a potential CBDC, few have moved beyond small-stage, pilot projects and into actual implementation.
“CBDC systems will need to remain highly resilient in a broad range of scenarios, including short-term (such as temporary system outages), ongoing situations (such as in areas without reliable internet, telecommunications connectivity or power), or civil contingency conditions (such as natural disasters or war), 9 besides being highly responsive in normal operations,” the BIS wrote.
Successful and safe implementation requires modernized technology to not only support a CBDC, but also to protect it, the agency found — echoed by other central banks.
Among the suggestions, Project Polaris pushed for central banks to hire a chief security officer (CSO).
The CSO would then be able to have “regular” communication with counterparts across the globe, since CBDCs will require an international framework. There would also be an “incident response team” who could respond to a variety of potential scenarios.
It also urges central banks to consider other operators needed in a CBDC ecosystem, from commercial banks to merchant partners. This would lead up to the fulfillment of a resilience requirement — similar to a stress test — depending on the CBDCs “weakest link.”
Overall, frequent check-ups and assurances of secure technology are said to be key for any CBDC if central banks decide to deploy them.
“The framework could also help central banks assess their cyber security and resilience maturity level as it stands today as compared with what could be required when operating a CBDC system, by assessing and ranking how the organization adheres to the practices outlined in this framework,” the BIS wrote.
Project Polaris is not the first foray into CBDC research that the BIS has conducted. It put out another report in late June focused on how commercial banks could tokenize customer deposits.
Don’t miss the next big story – join our free daily newsletter.