Authors: Tuhu Nugraha and Dr. Pinki Rani*
In an increasingly digital financial era, the concept of Central Bank Digital Currency (CBDC) promises several advantages, including improved efficiency in payment systems, expansion of financial inclusion, and strengthened transaction security. However, the journey towards full adoption of CBDC is not without its challenges, particularly cybersecurity risks. In a world that is more connected than ever, cybersecurity is not just an additional component but a fundamental foundation that must be considered from the early stages of development and implementation of CBDC.
The rise in cyber attacks against the financial sector is concrete evidence of these challenges. Data from the World Economic Forum shows that cyber attacks against the financial sector increased by 238% between 2016 and 2021. This fact underscores the vulnerability of the financial system in the face of increasingly sophisticated cyber threats.
Furthermore, as digital assets, CBDCs are potential soft targets for hackers. Being in digital form makes them attractive targets for theft or as a means to disrupt the financial system’s stability. The impact of cyber attacks on CBDCs is not limited to significant financial losses; it also includes the erosion of public trust in the financial system. These losses are not only material but can also shake the foundation of trust that is key to the currency’s function.
This cybersecurity risk, especially the potential for significant losses and loss of public trust, is a major factor causing consumer hesitation to migrate to CBDCs. Concerns about the security of their digital assets in the face of increasing cyber threats are serious considerations that must be addressed by policymakers and CBDC developers. Therefore, building and strengthening the cybersecurity foundation from the start is a crucial step in maintaining the integrity and boosting confidence in CBDCs as part of the future financial system.
Identifying Cybersecurity Risks in CBDC
In the development and implementation of Central Bank Digital Currency (CBDC), identifying cybersecurity risks is a crucial step that cannot be overlooked. These risks arise from various system interactions within the CBDC ecosystem, covering aspects from technical infrastructure to user behaviour. Understanding and managing these risks are essential to ensure the security, stability, and trustworthiness of CBDC operations. Below are some key points related to cybersecurity risks within the CBDC ecosystem, based on existing system interactions:
Interdependence of Banking Systems
The interdependence of banking systems in the CBDC era is akin to a nervous system in the human body, where each nerve is connected to form a complex system. When one bank experiences a cyber attack, its impact can spread like a virus in the body, quickly infecting other financial institutions connected to it. This occurs because banks and financial institutions often share information and payment systems, making the entire network vulnerable to the same attacks.
To address this risk, a security system is needed that not only protects each institution individually but also secures the entire network or financial ecosystem. This means that security efforts must be collaborative, with financial institutions sharing the latest security technologies, information about cyber threats, and mitigation strategies in real time. Joint simulation of attacks is also crucial to ensure that the entire system can withstand and recover from cyber attacks effectively.
This integrated security approach is not just about protecting financial assets but also about maintaining public trust in the digital financial system. In the context of CBDC, where trust is an invaluable asset, building and maintaining system security is a top priority. Through cooperation and shared commitment among financial institutions, we can create a CBDC ecosystem that is not only efficient and inclusive but also secure and resistant to cyber threats.
User Interfaces and APIs
User interfaces and Application Programming Interfaces (APIs) are like the doors and windows of a house, connecting the occupants to the outside world. In the context of CBDC, the user interface is the system’s display that directly interacts with the user, such as a mobile banking app or website, while APIs are the means by which the system communicates technically with other apps or systems. If these doors and windows are not secure, hackers can easily “enter” to steal sensitive information or perform other malicious activities.
Vulnerabilities in user interfaces might include designs that inadvertently allow users to give away personal or financial information to unauthorized parties. Vulnerabilities in APIs, often invisible to the average user, can be exploited by hackers to access data or conduct unauthorized transactions. Therefore, it’s crucial for CBDC developers to create interfaces and APIs that are not only user-friendly but also highly secure.
Achieving this requires the development of secure interfaces and regular audits of APIs. This means conducting regular security checks and tests to find and fix security gaps before hackers can exploit them. Additionally, implementing extra security measures, such as two-factor authentication and data encryption, can enhance the security of user information and transactions. Thus, the interaction points between users and the CBDC system can be secured, minimizing the risk of data leaks and illegal activities.
Internal Threats
Internal threats are akin to a situation where the “thief” is someone inside who is supposed to protect the system. In the context of CBDC, this could mean employees inadvertently opening security gaps or intentionally misusing their access. To prevent this, institutions must limit access only to those who truly need it and conduct regular security training. Moreover, real-time monitoring of activities helps detect and address suspicious actions promptly, protecting the system from within.
Payment Services Sector
In the world of CBDC, the digital payment systems and ledgers used to record transactions are vital but also highly susceptible to cyberattacks. Imagine these systems as the heart of the CBDC payment operations, where an attack on this “heart” could disrupt the entire financial system. For instance, if hackers successfully damage or alter information within the CBDC ledger, it could not only halt transactions but also diminish public trust in the security and stability of the digital currency.
To prevent this, it’s vital for those managing CBDCs to use the latest security technologies and the strongest cryptographic protocols. Cryptographic protocols act as a complex and impenetrable security system, protecting information from theft or unauthorized alterations. By ensuring that every transaction and record in the CBDC system is encrypted and securely protected, we can keep payment operations smooth and maintain public trust in digital currency.
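The ledger-alteration risk described above can be made concrete with an added example, which is not part of the original article or of any CBDC design: each entry carries an HMAC that also covers the previous entry's tag, so an altered, removed or truncated record is located on verification. The key, record fields and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): a real ledger would keep this in an HSM/KMS.
LEDGER_KEY = b"constructed-demo-key"
GENESIS = "0" * 64


def entry_tag(prev_tag, record):
    """HMAC-SHA256 over the previous entry's tag plus the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LEDGER_KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append(ledger, record):
    """Append a record, chaining it to the tag of the entry before it."""
    prev = ledger[-1]["tag"] if ledger else GENESIS
    ledger.append({"record": record, "tag": entry_tag(prev, record)})


def first_invalid(ledger, trusted_head=None):
    """Index of the first entry that fails verification, or None if intact.

    trusted_head is the last tag as recorded somewhere the attacker cannot
    reach; without it, removal of the newest entries goes unnoticed.
    """
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if not hmac.compare_digest(entry_tag(prev, entry["record"]), entry["tag"]):
            return i
        prev = entry["tag"]
    if trusted_head is not None and not hmac.compare_digest(prev, trusted_head):
        return len(ledger)
    return None


def build_sample():
    """Three constructed transfers; account names and amounts are made up."""
    ledger = []
    for n, (src, dst, amount) in enumerate(
        [("alice", "bob", 50), ("bob", "carol", 20), ("carol", "dave", 5)]
    ):
        append(ledger, {"seq": n, "from": src, "to": dst, "amount": amount})
    return ledger


if __name__ == "__main__":
    ledger = build_sample()
    head = ledger[-1]["tag"]
    ledger[1]["record"]["amount"] = 9000  # simulated unauthorized alteration
    print("first invalid entry:", first_invalid(ledger, head))
```

A keyed MAC detects changes made by anyone who does not hold the key; it does not constrain an insider who does, which is why the trusted head tag has to be stored out of that person's reach.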
End-User Technology
The devices we use daily, such as smartphones and Point of Sale (POS) machines, are our main gateway to accessing and using digital currencies like CBDC. However, these devices can also be security vulnerabilities, allowing hackers to enter and conduct harmful activities, such as stealing money from digital wallets or making transactions without the owner’s knowledge. Imagine if someone else found the keys to your house; they could enter and take whatever they want. Similarly, if the security of these devices is weak, then your data and digital money are at risk.
Conclusion
The introduction of Central Bank Digital Currencies (CBDCs) represents a significant shift towards the digitization of our financial systems, reflecting an effort to modernize global finance in alignment with technological advancements. However, the move to digital currency systems introduces a complex array of cybersecurity challenges that must be meticulously addressed to ensure the safe and effective implementation of CBDCs. The Polaris security and resilience framework serves as a critical tool in this endeavor, offering central banks a structured, seven-step model designed to safeguard against the multifaceted cyber threats that accompany the transition to a digital currency system.
By recognizing the complexity of the new threat landscape, adopting modern security technologies, leveraging existing capabilities, and identifying areas for development and new implementation, central banks can create secure and resilient CBDC systems. This proactive approach to cybersecurity is essential not only for mitigating operational, legal, and reputational risks but also for ensuring the privacy and protection of users in the digital financial ecosystem. As such, the Polaris framework is not a static solution but a dynamic guide that evolves in tandem with technological advances and the shifting cyber threat landscape. Its ongoing development, supported by collaboration among central banks, the public sector, and private entities, underscores a commitment to fostering a secure and inclusive digital financial future.
*Dr. Pinki Rani is an Assistant Professor in the Department of Commerce at Indira Gandhi University, Meerpur, Rewari, Haryana, India. Holding a doctoral degree from Chaudhary Devi Lal University, Sirsa, Haryana, Dr. Pinki Rani brings over twenty years of rich experience to the academic community. Specializing in Accounting, Finance, Strategic Management, and Computer Applications in Business, she is a seasoned researcher with numerous publications in esteemed journals, contributing significantly to the academic discourse.