Authors: Tuhu Nugraha and Dr. Pinky Rani*
In an increasingly digital financial era, the concept of Central Bank Digital Currency (CBDC) promises several benefits, including improved efficiency in payment systems, expansion of financial inclusion and enhanced transaction security. However, the journey to full adoption of CBDC is not without its challenges, particularly cybersecurity risks. In a world more connected than ever before, cyber security is not just an additional component, but a fundamental foundation that must be considered in the early stages of development and implementation of CBDC.
The increase in cyber attacks against the financial sector is concrete evidence of these challenges. Data from the World Economic Forum shows that cyber attacks against the financial sector increased by 238% between 2016 and 2021. This fact underlines the vulnerability of the financial system in the face of increasingly sophisticated cyber threats.
Furthermore, as digital assets, CBDCs are potential soft targets for hackers. Being in digital form makes them attractive targets for theft or as a means of destabilizing the financial system. The impact of cyber attacks on CBDCs is not limited to significant financial losses; it also includes the erosion of public trust in the financial system. These losses are not only material, but can also shake the foundation of trust that is key to the currency’s function.
This cybersecurity risk, particularly the potential for significant losses and loss of public trust, is a major factor causing consumer reluctance to migrate to CBDCs. Concerns about the security of their digital assets in the face of increasing cyber threats are serious considerations that must be addressed by policymakers and CBDC developers. Therefore, building and strengthening the cybersecurity foundation from the start is a crucial step in maintaining the integrity of CBDCs and fostering trust in them as part of the future financial system.
Identifying Cyber Security Risks in CBDC
In the development and implementation of Central Bank Digital Currency (CBDC), identifying cyber security risks is a crucial step that cannot be overlooked. These risks arise from various system interactions within the CBDC ecosystem, covering aspects from technical infrastructure to user behavior. Understanding and managing these risks is essential to ensure the security, stability and reliability of CBDC operations. Below are some key points related to cybersecurity risks within the CBDC ecosystem, based on existing system interactions:
Interdependence of banking systems
The interdependence of banking systems in the CBDC era is similar to a nervous system in the human body, where each nerve is connected to form a complex system. When one bank experiences a cyber attack, its impact can spread throughout the body like a virus, quickly infecting other financial institutions connected to it. This happens because banks and financial institutions often share information and payment systems, making the entire network vulnerable to the same attacks.
Addressing this risk requires a security system that not only protects each institution individually, but also secures the entire network or financial ecosystem. This means that security efforts must be collaborative, with financial institutions sharing the latest security technologies, cyber threat information and mitigation strategies in real time. Joint simulation of attacks is also crucial to ensure that the entire system can effectively withstand and recover from cyber attacks.
This integrated security approach is not only about protecting financial assets, but also about maintaining public trust in the digital financial system. In the context of CBDC, where trust is a valuable asset, building and maintaining system security is a top priority. Through collaboration and shared commitment between financial institutions, we can create a CBDC ecosystem that is not only efficient and inclusive, but also secure and resilient to cyber threats.
User Interfaces and APIs
User interfaces and application programming interfaces (APIs) are like the doors and windows of a house, connecting the inhabitants to the outside world. In the context of CBDC, the user interface is the system’s display that interacts directly with the user, such as a mobile banking application or website, while APIs are the way the system technically communicates with other applications or systems. If these doors and windows are not secure, hackers can easily “get in” to steal sensitive information or perform other malicious activities.
Vulnerabilities in user interfaces can include designs that allow users to inadvertently give away personal or financial information to unauthorized parties. Vulnerabilities in APIs, often invisible to the average user, can be exploited by hackers to access data or perform unauthorized transactions. Therefore, it is essential for CBDC developers to create interfaces and APIs that are not only user-friendly but also highly secure.
Achieving this requires the development of secure interfaces and regular audits of APIs. This means performing regular security checks and tests to find and fix security gaps before hackers can exploit them. In addition, implementing extra security measures, such as two-factor authentication and data encryption, can improve the security of user information and transactions. The interaction points between users and the CBDC system can therefore be secured, minimizing the risk of data leaks and illegal activities.
Internal threats
Internal threats are similar to a situation where the “thief” is someone inside who is supposed to protect the system. In the context of CBDC, this could mean employees accidentally opening security gaps or deliberately abusing their access. To prevent this, institutions should limit access to only those who really need it and conduct regular security training. Additionally, real-time activity monitoring helps quickly detect and address suspicious actions, protecting the system from the inside.
Payment services sector
In the world of CBDC, the digital payment systems and ledgers used to record transactions are essential, but also highly susceptible to cyber attacks. Imagine these systems as the heart of the CBDC payment operations, where an attack on this “heart” could disrupt the entire financial system. For example, if hackers successfully damage or alter information in the CBDC ledger, it could not only stop transactions, but also reduce public confidence in the security and stability of the digital currency.
To prevent this, it is essential for those running CBDCs to use the latest security technologies and the strongest cryptographic protocols. Cryptographic protocols act as a complex and impenetrable security system, protecting information from theft or unauthorized changes. By ensuring that every transaction and record in the CBDC system is encrypted and securely protected, we can keep payment operations running smoothly and maintain public confidence in digital currency.
End User Technology
The devices we use on a daily basis, such as smartphones and point-of-sale (POS) machines, are our main gateway for accessing and using digital currencies such as CBDC. However, these devices can also be security vulnerabilities, allowing hackers to enter and perform harmful activities, such as stealing money from digital wallets or conducting transactions without the owner’s knowledge. Imagine if someone else found the keys to your house; they could go in and take what they wanted. Likewise, if the security of these devices is weak, your data and digital money are at risk.
Closure
The introduction of Central Bank Digital Currencies (CBDCs) represents a significant shift towards the digitization of our financial systems, reflecting an effort to modernize global finance in line with technological advances. However, the move to digital currency systems introduces a complex set of cybersecurity challenges that must be carefully addressed to ensure the safe and effective implementation of CBDCs. The Polaris Security and Resilience Framework serves as a critical tool in this effort, providing central banks with a structured, seven-step model designed to protect against the multifaceted cyber threats that accompany the transition to a digital currency system.
By recognizing the complexity of the new threat landscape, adopting modern security technologies, leveraging existing capabilities and identifying areas for development and new implementation, central banks can create secure and resilient CBDC systems. This proactive approach to cyber security is essential to not only mitigate operational, legal and reputational risks, but also to ensure the privacy and protection of users in the digital financial ecosystem. As such, the Polaris Framework is not a static solution, but a dynamic guide that evolves with technological advances and the changing cyber threat landscape. Its ongoing development, supported by collaboration between central banks, the public sector and private entities, highlights a commitment to promoting a secure and inclusive digital financial future.
*Dr. Pinki Rani works as an Assistant Professor in the Department of Commerce at Indira Gandhi University, Meerpur, Rewari, Haryana, India. With a doctorate from Chaudhary Devi Lal University, Sirsa, Haryana, Dr. Pinki Rani brings more than twenty years of rich experience to the academic community. She specializes in Accounting, Finance, Strategic Management and Computer Applications in Business and is a seasoned researcher with numerous publications in esteemed journals, making a significant contribution to the academic discourse.