A central bank digital currency is virtual money that is issued and regulated by the central bank of a country. It can be seen as a digital form of the country’s fiat currency and can be used as a legal tender for the exchange of goods and services. With a CBDC in place, the traditional forms of money such as banknotes and coins can be replaced and countries can move towards a cashless society with the full backing of the government. It aims to enhance transaction efficiency, improve financial inclusion, and provide transparency and accountability.
A technology solution that is often discussed for a CBDC is distributed ledger technology (DLT). The use of a decentralized ledger replicated across a distributed network could offer enhanced availability and minimize single points of failure, and the use of cryptographic hashes ensures the integrity of transaction records. While DLT may offer benefits, its use is not without security risks. For example, many of the purported benefits are associated with permissionless designs, yet security incidents involving these same designs demonstrate the continued existence of vulnerabilities.
Security is crucial for CBDC regardless of the technology used. The security considerations for CBDC are similar to those for conventional payment systems and online banking. Attackers will employ phishing attacks, malware, and insider threats, while nation-states may engage in espionage or disruptive actions. To prevent such attacks, central banks must establish robust information security programs. This blog discusses the importance of CBDC security, leveraging existing frameworks, and addressing specific security areas for CBDC designs based on distributed ledger technologies (DLTs).
Objectives of CBDC
The CBDC Strategy aims to achieve several key objectives:
- Addressing Pain Points in Payments
- CBDC will address domestic and cross-border payment challenges.
- It will provide a secure, cost-effective, and efficient form of payment.
- The digital currency will facilitate smoother transactions and settlements.
- Enhancing Financial Inclusion
- CBDC will contribute to the country’s digital transformation and financial inclusion efforts.
- It will enable easier access to financial services for individuals and businesses.
- CBDC will promote financial inclusion by providing a convenient and accessible digital payment solution.
- Transitioning Towards a Cashless Society
- CBDC will facilitate the move towards a cashless society.
- Traditional forms of money, such as banknotes and coins, can be replaced by the digital currency.
- CBDC will provide a secure and reliable alternative to physical cash.
- Strengthening Payment Infrastructure
- The implementation of CBDC will strengthen the country’s payment infrastructure.
- It will introduce additional robust payment channels, ensuring a resilient and reliable financial system.
- Preparing for Tokenization
- CBDC will lay the foundation for potential future tokenization of financial and non-financial activities.
- It will contribute to the development of a tokenized economy.
Benefits of CBDC Adoption
The adoption of CBDC offers numerous benefits, including:
- Reduced Transaction Costs
- CBDC transactions can be more cost-effective compared to traditional payment methods.
- Lower transaction costs can benefit individuals, businesses, and the overall economy.
- Enhanced Security
- CBDC provides enhanced security features, making transactions more secure.
- Advanced cryptographic techniques and blockchain technology ensure the integrity of CBDC transactions.
- Financial Inclusion
- CBDC promotes financial inclusion by providing access to digital financial services.
- Individuals without bank accounts can conveniently store and transact with CBDC, bridging the gap between traditional banking and digital finance.
- Efficient Monetary Measures
- CBDC enables central banks to implement monetary measures more swiftly and effectively.
- It provides the capability to distribute funds quickly during times of economic stimulus or crisis.
- Faster and Lower-Cost Transactions
- CBDC facilitates faster and lower-cost alternatives for exchanging value.
- Transactions can be settled in near real-time, eliminating intermediaries and associated costs.
- Improved Transparency and Security
- CBDC transactions can be tracked more transparently, reducing the risk of illicit activities.
- The secure and immutable nature of blockchain ensures transaction integrity.
Challenges of CBDC Implementation
While CBDC implementation offers numerous benefits, it also presents certain challenges, including:
- Privacy Concerns
- CBDC transactions may have limited anonymity compared to certain cryptocurrencies.
- Striking a balance between privacy and regulatory requirements is crucial.
- Security Considerations
- Implementing robust security measures is essential to safeguard CBDC transactions against cyber threats and attacks.
- The secure storage and handling of digital wallets is critical to prevent unauthorized access.
- Building a highly secure architecture with adequate security controls.
- Impact on Commercial Banks
- The introduction of CBDC may lead to a potential loss of income for commercial banks.
- Increased competition among banks may necessitate competitive interest rates or deposit schemes to retain customers.
Security Considerations for a CBDC
Security is crucial for Central Bank Digital Currency (CBDC) as it enables real-time and irreversible payment settlement. Breaches in CBDC systems can have immediate and broader risks for payment systems, consumers, financial markets, economies, and currency-issuing institutions.
- Supporting a Resilient Payment System:
- CBDC should augment existing payment infrastructure, ensuring secure transactions and preventing disruptions.
- Security breaches can lead to payment delays, credit and liquidity exposures, and financial instability.
- Building Trust in a Payment Instrument:
- CBDC requires a secure platform to establish trust among users, merchants, and consumers.
- Measures to prevent counterfeiting, fraud, and double-spending are necessary to maintain trust in CBDC.
- Protecting End User Asset and Sensitive Personal Information:
- Collection and storage of sensitive information in a general-purpose CBDC require secure handling.
- Compliance with privacy laws and prevention of fraud and unauthorized disclosure are essential.
- Preventing Reputational Harm to a Central Bank:
- Security problems with CBDC can damage the reputation of the central bank and its ability to fulfill responsibilities.
- Resilient and secure CBDC operation is crucial for maintaining trust in the central bank.
- CBDC system architecture, especially for DLT-based designs, needs to consider network size, ownership, governance, and third-party involvement.
- Identifying and addressing security risks associated with different architectures is necessary.
- Governance models determine participant roles, decision-making, and consensus mechanisms.
- Effective security management through governance structures is vital, including incident reporting, system maintenance, and adherence to security requirements.
- Third Parties:
- Third-party participants in the CBDC ecosystem may have different security practices.
- Routine audits, evaluations, and contractual agreements can ensure acceptable security standards.
- Key Management Custodians:
- Key management custodians may be necessary to address usability challenges and secure key storage.
- Security controls should align with payment system expectations.
- External Oracles:
- Oracles as sources of external data for smart contracts should be secure and reliable.
- Attention to emerging technology area in the blockchain space.
- Protocols and Code:
- Blockchain protocols offer security benefits through distributed networks and cryptography.
- Central banks should evaluate cryptographic protocols and consider future-proofing measures.
- Consensus Mechanisms:
- Consensus mechanisms in blockchain protocols confirm transactions but can be vulnerable.
- Effective mechanisms balance decentralization, throughput, and prevention of collusion.
- Vulnerabilities in DLT Implementations:
- DLT implementations may have unknown vulnerabilities due to novelty.
- Follow security best practices for code testing and reviews.
- Human Factors:
- DLT-based systems may mitigate traditional human threats.
- Consider the larger attack surface with millions of users.
- Address human factors through training, monitoring, and physical security controls.
CBDC Threat Model
To understand the cybersecurity implications of Central Bank Digital Currency (CBDC), it is important to specify the threat model and consider the security requirements and threat actors that are relevant to CBDCs.
|Threat Actor||Potential Threats|
|Hackers||• Unauthorized access to CBDC system
• Theft of funds
• Exploitation of vulnerabilities
|Insiders||• Misuse of privileges
• Unauthorized disclosure of sensitive information
|Nation-states||• Disruption of CBDC system
• Financial instability
• Intelligence gathering
|Organized crime groups||• Money laundering
• Fraudulent activities
• Exploitation of system vulnerabilities
|Terrorist organizations||• Funding of illicit activities
• Disruption of financial systems
CBDCs must satisfy various security and performance-related properties. These requirements include:
- Integrity: Ensuring that money transfers and creation are correct, preventing the creation or deletion of money out of thin air, and ensuring that funds are transferred only by the legitimate owner.
- Authentication and Authorization: Verifying the identity of users and validating transaction details, such as recipient identity and payment amount, to ensure that only the legitimate owner can transfer money.
- Confidentiality: Protecting transactions from unauthorized parties through encryption of data during transport. While confidentiality techniques are widely used in the banking industry, privacy considerations are also important.
- Privacy: Safeguarding user information, such as payment transaction details, from authorized parties is a critical concern. The CBDC system should be designed to protect user privacy while complying with relevant regulations. This includes implementing privacy-preserving measures in the storage, processing, and transmission of sensitive data within the cloud infrastructure and the enterprise blockchain.
- Resilience: The CBDC system must be resilient to faults, failures, and potential disruptions. Leveraging a cloud infrastructure enables scalability, redundancy, and fault-tolerant features, which can enhance the overall resilience of the CBDC system. The enterprise blockchain should also incorporate fault-tolerant consensus mechanisms to handle infrastructure failures and ensure the continuity of operations.
- Network Performance and Costs: Network performance and associated costs are critical considerations for a CBDC. The cloud infrastructure should provide high-performance capabilities to meet the transaction processing demands of the CBDC system. It is essential to optimize network latency and throughput to achieve efficient and cost-effective operations.
- Governance: Establishing well-defined guidelines for managing operations and conflicts among multiple parties involved in CBDC maintenance, such as application developers, hardware manufacturers, cloud service providers, and transaction validators.
- Architecture Design: The architecture design of the CBDC system should incorporate security best practices and consider factors such as system partitioning, redundancy, secure communication channels, right set of security controls, auditing and monitoring capabilities, disaster recovery and business continuity planning, scalability and performance optimization, and secure APIs and interfaces. This ensures that the CBDC system is built with robust security measures and resilience to potential threats
Layers of the Technical Stack
The CBDC technical stack comprises several layers that attackers can exploit, and these layers interact with each other. These layers include:
- Human: End users can be exploited as vectors for attacks or become victims themselves. Operators of the CBDC can also pose vulnerabilities, such as through phishing attacks targeting the control mechanisms.
- Application: CBDCs are expected to have an ecosystem of applications that interface with the digital payment system. Vulnerabilities introduced by application developers can be exploited to steal money or exfiltrate data, impacting the overall security of the CBDC.
- Consensus: CBDC designs often involve consensus protocols to provide redundancy and ensure validity of financial transactions. Attacks on the consensus protocol typically involve the corruption of one or more parties, and robust protocols require mathematical security guarantees.
- Computation and Storage: Back-end infrastructure is required to maintain a secure and functional payment system. Distributed computation nodes and distributed ledger storage can be used, but splitting the ledger into shards can impact transaction validation.
- Network: CBDC events and updates are communicated through networks, which can be targeted for attacks such as denial of service, censorship, or partitioning attacks. Network interactions also impact the consensus layer.
- Hardware: CBDCs run on various hardware, including mobile devices, hardware wallets, and servers. Insecure firmware or vulnerabilities in hardware products can become attack vectors, potentially compromising the security of the CBDC system.
Global CBDC Landscape
The global adoption of CBDCs is gaining momentum, with several countries actively exploring or implementing their own digital currencies:
- 11 countries have already launched CBDCs, with 18 countries in the pilot stage.
- Approximately 70 countries are actively researching and developing CBDC initiatives.
- Projections indicate that CBDC-based payments may reach $213 billion annually by 2030.
In conclusion, the implementation of a Central Bank Digital Currency (CBDC) marks a crucial step towards the digital transformation of financial systems on a global scale. CBDCs offer a host of advantages, including cost-effective transactions, heightened security, and greater financial inclusivity. However, it is imperative to address challenges related to privacy, financial structure, and competition among financial institutions. Through careful planning and collaborative efforts with technology partners, we can overcome these obstacles and leverage CBDCs to strengthen financial infrastructures, drive financial inclusion, and embrace the potential of a digital future.