Cybersecurity and risk considerations for CBDCs

Governments and central banks around the world are exploring the benefits that a central bank digital currency can bring to their economies. Not only must they deliver the policy benefits envisaged – including driving digital innovation, growth and increasing financial inclusion – a digital currency must tackle evolving cybersecurity threats. In this article for the Digital Pound Foundation, Gilbert Verdian, CEO and Founder of Quant, looks at what the global regulators expect from this critical national infrastructure and how businesses can be convinced to embrace a CBDC such as the digital pound.

25 April 2022

Over the past decade, consumer behaviour has evolved, changing how people pay.  Ecommerce has superseded high street shopping and cash use has rapidly declined. In 2020, the Bank of England (BoE) reported that just 17% of all UK payments were made in cash. This trend has been further accelerated by Covid-19 with the volume of electronic payments growing every day in many countries worldwide.

Given the declining use of cash, and more than 6,000 cryptocurrencies and stablecoins in use globally, 80% of central banks are actively exploring the case for central bank-issued digital currencies (CBDCs). In April 2021, the Bank of England and HM Treasury announced the joint creation of a taskforce to coordinate the exploration of a digital pound.

Not surprisingly, a crucial part of the global discussion is operational resilience, including cybersecurity. In a 2021 paper, the World Economic Forum outlined what it sees as key cybersecurity threats to CBDCs, including credential theft and loss, user roles and privileges, system integrity, double-spending and quantum computing. Our existing payment and settlement systems are designed with the highest security, resilience and reliability standards; central banks need to ensure that future CBDC infrastructure achieves the same or greater levels of confidence.

Distributed ledger technology (DLT) and the threat landscape

DLTs and blockchain can address cybersecurity threats and build on the trust we already have in our financial systems. Over the past decade, tens of billions in venture capital have poured into blockchain technologies. The market cap for cryptocurrencies reached three trillion USD in 2021. That same year, JP Morgan, the US’s largest bank, established its Onyx blockchain division, conducting USD 1B in transactions per day using programmable money.

Blockchain technology is immutable and cryptographically secure. We see an increasing number of use cases worldwide with acute uptake in the financial sector, and CBDCs are well-placed to utilise this technology.

An appropriately designed CBDC should leverage a two-tier model using both a central bank and retail / commercial banks. As with cash, central banks should manage wholesale (inter-bank) payments; and banking intermediaries can manage payments between consumers and businesses.

This structure can mitigate risks from the structural disintermediation of banks and the centralisation of the credit allocation process to help prevent systemic runs on banks in crises.  

The CBDC model can use a “secure” decentralised structure with DLT configurations that are private, ring-fenced by governments and financial institutions, and permissioned, enabling consumers and businesses access through their commercial bank connected to the inter-bank CBDC network. This model serves as an ideal environment for a digital version of fiat currency with built-in security features.

In this permissioned architecture, every user could be clearly identified through their existing relationship held with their bank. This system could also be engineered to protect privacy. Individual data, including personal identifiable data on the ledger, can be obscured cryptographically from broader visibility. Existing controls found in financial systems, such as fitness and probity, can apply to trusted staff and system operators of participating institutions within the CBDC network responsible for CBDC operations.

DLTs create an immutable record of all transactions with a permanent audit trail. This provides ‘one source of truth’ for all participants and financial institutions on the network. Additionally, all records are individually signed by the participating financial institutions and encrypted for privacy. From a critical infrastructure perspective and in payment infrastructure policy, we need to ensure core DLT interoperability to maintain access and openness for consumers and businesses.

More broadly, it will help facilitate innovation, competition and economic growth. This includes integrating traditional (legacy) technology with the DLTs used by participating institutions, jurisdictions in other markets and other external networks. A commercial bank can leverage its existing DLT infrastructure to interoperate with the inter-bank DLT network, governed by the central bank. The aim is to ensure we facilitate cross-border transactions, interact with permissionless blockchains and can replace or upgrade a DLT when needed.

Breakthroughs in DLTs related to key management and putting data ‘on-chain’ are inspiring different approaches. These may lead to new capabilities that could be shared and deployed by participants in the future, such as:

  • The ability for all participants to utilise a secure and immutable digital version of identity,
  • A solution where a user can control and revoke access rights to personal data in accordance with GDPR,
  • Technology configurations that enable interoperability and replacement when better technology emerges.

The decentralised approach of DLTs establishes the highest level of resilience and eliminates a central point of failure.

And, naturally, any infrastructure underpinning a CBDC will be treated as critical national infrastructurevital to our economy and financial stabilityin the same manner as our existing payments infrastructure.

It would be subject to the same rigorous controls used to operate and protect it. The model would leverage the three pillars of cybersecurityconfidentiality, integrity and availability for people, processes and technologyso we can adapt as the threat landscape changes. Even with the best defences, absolute guarantees of protection may not be a realistic objective for any technology.  The underlying technology must be effective as a line of defence against malicious agents and other cyberthreats, and as a means of rapid response to mitigate and remedy security or privacy breaches.

Improving existing systems

A key advantage of DLT-based CBDCs, noted by financial institutions and central banks, is the potential to help better manage existing risks, including fraud, money laundering and terrorist financing. Our current controls struggle to cope with the ingenuity and persistence of criminals. CBDCs offer the potential to build in fraud-prevention by embedding rules and policies around the type and size of transactions, counterparties and jurisdictions, for example.

CBDCs also have implications for nearly every data-driven part of finance. From managing ‘know your customer’ data to tracking illegal activity across billions of transactions, a digital currency can create a detailed audit trail that could help to tackle some of the most significant challenges facing the financial sector today.

At the same time, CBDCs could open the way for ‘smart’ or ‘programmable’ money by enabling transactions to be made according to specific conditions, rules or events. Payment of tax or dividends could be automated, for example, to cut costs and increase the efficiency of corporate treasury operations.

Delivering a public good, digitally

There remains substantial misunderstanding by the public, parliamentary bodies and regulators on the impact and implications of CBDCs. Benefits will only be delivered if there is strong uptake by consumers and businesses. Helping these stakeholders understand the benefits of a digital pound will play a crucial role in building the case for its development and use.

From a policy perspective, CBDCs can complement (rather than replace) physical cash and provide continued access to central bank-backed money, foster digital innovation and increase financial inclusion. CBDCs can also help achieve other important central bank goals, such as reducing the risk of currency substitution and improving monetary policy implementation.

But from the outset, a digital currency must replicate the best qualities of what we use now. Money is a public good. It is provided without the intention of profit and for the benefit of society.

As such, CBDCs present a historic opportunity for central banks to create a new form of public money to meet future payment needs in the digital economy with safety, integrity, efficiency and access as a focus. If we want the public to embrace CBDCs, we need to address their concerns. Surveys into CBDCs have revealed the importance that people place on the potential for anonymity. Many people like physical cash because they feel that no one should know how or where they spend their money, and distrust government controls.

In response, the BoE has set privacy as a key design principle for the taskforce’s exploration into a UK digital pound.

Ideally, CBDC design needs enough transparency to enable the leap forward in efficiency and effectiveness while still protecting individual and corporate rights to privacy.

One approach could be to have different treatments for low and high-value payments. The technology exists to build an infrastructure that can safeguard users’ privacy for lower-value transactions while ensuring higher-value transactions are subject to anti-money laundering and other compliance checks. For example, this could ensure that transactions below a certain threshold are not linked to any personal identifiable information, providing greater anonymity than our current electronic payment systems.

The future threat environment

As our technologies evolve, new risks will emerge, and financial crime will become even more sophisticated. Risk management processes and protocols need to keep step with these.

This brings us to another risk already on the radar – quantum computing. If, as anticipated, it eventually gains the power to compromise major data encryption methodologies and undermine the cryptography used to protect access, confidentiality and data integrity, quantum computing will impact all financial services. CBDCs are no exception.

No one can predict when quantum computers will be capable of cracking today’s encryption methods. However, an enormous amount of work is taking place to develop technology robust enough to withstand a quantum attack. Given the importance of data protection by governments and others, we can expect that these existing encryption methodologies will be replaced by quantum-proof encryption in the systems we all rely upon.

Mindful of the threat, embracing the possibilities

We live in a digital world. There’s no turning back now. Central banks see this and are exploring the best and safest way to operate. Although, CBDCs offer the potential to deliver significant benefits, they also potentially usher in new ways of working for central banks, financial institutions and other participants in our monetary ecosystem. They also raise fundamental questions across a range of public policy objectives. In thinking about a digital pound, the UK’s CBDC taskforce is weighing these issues.

Security sits at the heart of these discussions and others taking place around the world. A central bank’s primary objective is to maintain monetary and financial stability.  Any CBDC needs to be designed in a way that supports this. Additionally, it must be accompanied by appropriate, robust operational risk management and cybersecurity policies and procedures. Finally, it needs to replicate the technical resilience, sound governance and integrity of our existing infrastructure to gain the confidence of the public.

Want to know more?

GET IN TOUCH