The deployment of Central Bank Digital Currencies (CBDCs) is gaining traction globally, with nations like the Bahamas, Jamaica, and Nigeria formally issuing them. However, the cybersecurity concerns surrounding CBDCs are becoming increasingly critical. Policymakers and developers grapple with the challenges posed by cybersecurity, recognizing its pivotal role in the success and security of CBDCs.
In a webinar titled ‘CBDCs and Cybersecurity: Resilience Considerations and Digital Money,’ organized by Global Government Fintech, experts highlighted the multifaceted cybersecurity risks associated with CBDCs. The two primary types of CBDCs are Retail CBDC (rCBDC) for everyday use and Wholesale CBDC (wCBDC) for interbank use.
Brazil’s CBDC Project Drex and Cybersecurity Challenges
Aristides Andrade Cavalcante Neto, Chief of Cybersecurity and the Technological Innovation Office at Banco Central do Brasil (Brazil’s central bank – BCB), presented Brazil’s CBDC project, Drex. The project, based on distributed-ledger technology (DLT), is currently undergoing pilot testing. Cavalcante Neto emphasized the critical nature of cybersecurity, as any operational disruption or fraud could harm the central bank’s reputation and impact the economy.
He outlined challenges, including potential unauthorized access, data leakage due to decentralized storage, theft or loss of private digital wallet keys, encryption vulnerabilities, and concerns regarding the security of smart contracts. Brazil acknowledges a long journey ahead to achieve mature cybersecurity resilience for critical payment infrastructure and emphasizes collaboration with the private sector to exchange experiences and develop cybersecurity standards.
Shift from Closed to Open Networks Poses New Vulnerabilities
Frankosiligi Solomon, a senior digital expert from the International Monetary Fund’s (IMF) digital advisory unit, discussed the challenges posed by the transition from closed to open network architectures. As central banks implement new digital payment systems like CBDCs, the shift introduces complexities and increases vulnerability to potential malicious actors. Solomon emphasized the expanding attack surface of central bank networks, urging caution regarding potential bad actors and highlighting the financial sector’s attractiveness to cyber attackers.
Drawing from examples of live CBDCs like the Eastern Caribbean Central Bank’s DCash and Nigeria’s eNaira, Solomon pointed out operational challenges and vulnerabilities that impacted confidence in payment systems. He stressed the need for authorities to assess their cybersecurity capabilities in the evolving landscape before launching CBDCs.
Core Problems in Retail Payment Systems and CBDC Design
Dr. Geoff Goodell, a lecturer in financial computing at University College London (UCL), discussed core problems in digital retail payment systems and CBDC design. He categorized challenges into three areas: centralization risks, identity and authorization issues, and concerns related to account-based transaction models. Centralized systems processing transactions were highlighted as potentially compromised, identity-linked authorization posed opportunities for theft, and account-based transaction models could reveal sensitive information.
Dr. Goodell shared insights from the ‘Future of Money’ initiative, demonstrating the feasibility of users holding centrally issued electronic tokens with clearing and settlement by independent private actors. He emphasized the importance of alleviating some cybersecurity burdens by exploring alternative models.
In conclusion, the webinar shed light on the complex cybersecurity landscape surrounding CBDCs, emphasizing the need for collaboration, continuous assessment, and innovative approaches to address evolving threats. As central banks globally move forward with CBDC development, cybersecurity will remain a critical aspect requiring vigilant attention and adaptive strategies.
