BIS DEVELOPS FRAMEWORK AGAINST CBDC CYBERATTACKS

Last updated: October 26, 2025, 17:33 | Written by: Alaric Drome

Bis Develops Framework Against Cbdc Cyberattacks
Bis Develops Framework Against Cbdc Cyberattacks

The world of digital finance is rapidly evolving, and with it, the threat landscape.As central banks worldwide explore and implement Central Bank Digital Currencies (CBDCs), the need for robust cybersecurity measures becomes paramount. Posted by u/Sir_Cryptoid - 2 votes and no commentsOn July 7th, the Bank for International Settlements (BIS), an organization owned by central banks, took a significant step in addressing this challenge by publishing a comprehensive framework designed to defend CBDCs against increasingly sophisticated cyberattacks. The institution cited rising exploits against DeFi as a need for more secure CBDCs. On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending central bank digital currencies (CBDCs) against cybersecurity threats. The BIS wrote: Recent examples of smart contract hacks, which have led to the loss ofThis framework, born from Project Polaris, provides guidance for central banks on the design, implementation, planning, and operational considerations necessary to secure these digital currencies. On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework BIS develops framework against CBDC cyberattacksThe move signals the BIS's serious commitment to fostering innovation in the digital asset space while proactively mitigating the risks associated with it, particularly those stemming from the vulnerabilities inherent in Distributed Ledger Technology (DLT) and smart contracts.The initiative highlights the critical need to protect retail CBDC operations with a resilient cybersecurity framework, safeguarding economies and maintaining trust in central banks in an era of digital transformation.The framework aims to help central banks upgrade their procedures and create dedicated security and resilience functional teams to combat these emerging threats.

Understanding the Threat Landscape for CBDCs

approach for cbdcs
approach for cbdcs

The rise of decentralized finance (DeFi) has been accompanied by a surge in cyberattacks targeting vulnerabilities within the ecosystem. used in DeFi attacks against the MITRE ATT CK framework to identify potential gaps in applying this framework to threats against CBDC implementations using technologies similar to DeFi (eg DLT). While this represents a starting point for this analysis in the CBDC space, the techniques and approach applied here through useThese attacks, often exploiting weaknesses in smart contracts and DLT infrastructure, have resulted in significant financial losses.The BIS recognizes that CBDCs, which may leverage similar technologies, are also susceptible to these types of threats.

Recent smart contract hacks have demonstrated the potential for attackers to exploit code flaws, manipulate protocols, and ultimately steal funds. To illustrate this point, a new report developed by the BIS Cyber Resilience Coordination Centre in partnership with the BIS Innovation Hub Nordic Centre analysed several notable DLT attacks in the DeFi domain using the MITRE ATT CK framework.These incidents serve as a stark reminder of the importance of rigorous security audits, robust testing, and proactive threat monitoring.The BIS framework acknowledges this reality and aims to equip central banks with the tools and strategies necessary to mitigate these risks.

  • Smart Contract Vulnerabilities: Flaws in the code that can be exploited to drain funds or manipulate the system.
  • DLT Infrastructure Weaknesses: Issues with the underlying blockchain technology that can be exploited to compromise the network.
  • Phishing and Social Engineering: Attacks that trick users into revealing sensitive information or transferring funds.
  • 51% Attacks: When a single entity or group controls more than 50% of the network's hashing power, allowing them to manipulate the blockchain.

Project Polaris: A Comprehensive Security Framework

  • structure for framework
  • Related implementation details

Project Polaris is the BIS's initiative to provide global central banks with a robust framework for CBDC security.The framework addresses various aspects of CBDC design, implementation, and operation, focusing on mitigating cyber risks and ensuring the resilience of these digital currencies.

Key Components of the Framework

  1. Risk Assessment and Management: Identifying potential threats and vulnerabilities, and implementing appropriate mitigation strategies.
  2. Security Architecture Design: Designing a secure CBDC system that incorporates multiple layers of protection.
  3. Operational Resilience: Ensuring that the CBDC system can continue to function even in the face of a cyberattack.
  4. Incident Response: Developing a plan for responding to and recovering from cyber incidents.
  5. Collaboration and Information Sharing: Sharing threat intelligence and best practices with other central banks and stakeholders.

The framework emphasizes the importance of a proactive and layered approach to security, recognizing that no single measure can completely eliminate the risk of cyberattacks. The institution cited rising exploits against DeFi as a need for more secure CBDCs. On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending central bank digital currencies (CBDCs) against cybersecurity threats.It encourages central banks to adopt a ""defense in depth"" strategy, implementing multiple layers of security controls to protect against a wide range of threats.For instance, it recommends that any smart contracts used in the system undergo rigorous auditing by security experts before deployment.

Applying the MITRE ATT&CK Framework to CBDC Security

explanation for security
explanation for security

The BIS framework leverages the MITRE ATT&CK framework, a widely recognized knowledge base of adversary tactics and techniques, to analyze potential threats against CBDC implementations.By mapping known attack patterns to the specific technologies used in CBDCs, such as DLT, central banks can identify potential vulnerabilities and develop targeted mitigation strategies.

The analysis conducted by the BIS Cyber Resilience Coordination Centre in partnership with the BIS Innovation Hub Nordic Centre analyzed several notable DLT attacks in the DeFi domain using the MITRE ATT CK framework.This approach helps to identify potential gaps in applying this framework to threats against CBDC implementations using technologies similar to DeFi.This represents a starting point for this analysis in the CBDC space, the techniques and approach applied here through use.

The MITRE ATT&CK framework provides a structured and standardized way to understand and analyze adversary behavior, enabling security teams to better anticipate and respond to cyberattacks. Project Polaris plans to give global central banks a framework for CBDC design, implementation, planning and operational considerations. The BIS framework suggests central banks upgrade their procedures to fend off these type of attacks, and create security and resilience functional teams.It provides details on various attacker tactics and techniques, along with common mitigation strategies, allowing for more effective security planning and incident response.

Organizational Structure and Responsibilities

To effectively implement the CBDC security framework, the BIS recommends that central banks establish a clear organizational structure with defined roles and responsibilities.This includes establishing a central bank senior leadership and board, a chief security officer and various information technology, security and stakeholder teams.

Key Roles and Responsibilities

  • Senior Leadership: Responsible for setting the strategic direction for CBDC security and ensuring that adequate resources are allocated.
  • Chief Security Officer (CSO): Responsible for overseeing the implementation of the security framework and managing cybersecurity risks.
  • IT Team: Responsible for implementing and maintaining the technical security controls of the CBDC system.
  • Security Team: Responsible for monitoring the CBDC system for security threats and responding to security incidents.
  • Stakeholder Team: Responsible for communicating with stakeholders, such as other central banks, financial institutions, and the public, about CBDC security issues.

The BIS framework emphasizes the importance of collaboration and information sharing among these different teams.By working together, they can more effectively identify and address security threats and ensure the resilience of the CBDC system.

Addressing Concerns about CBDC Security

The development and implementation of CBDCs have raised various concerns about security and privacy.Some critics argue that CBDCs could be vulnerable to cyberattacks, while others worry about the potential for government surveillance of citizens' financial transactions.

The BIS framework seeks to address these concerns by providing central banks with the tools and guidance necessary to build secure and privacy-respecting CBDC systems. On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending BIS develops framework against CBDC cyberattacks - Currency InsiderIt emphasizes the importance of incorporating privacy-enhancing technologies and implementing strong security controls to protect against cyberattacks and unauthorized access to data.By proactively addressing these concerns, central banks can build public trust and confidence in CBDCs.

Common Concerns and Mitigation Strategies

Concern Mitigation Strategy
Cyberattacks Implement layered security controls, conduct regular security audits, and develop incident response plans.
Data breaches Encrypt sensitive data, implement access controls, and comply with data protection regulations.
Government surveillance Incorporate privacy-enhancing technologies, such as zero-knowledge proofs and secure multi-party computation.
Money laundering and terrorist financing Implement robust anti-money laundering (AML) and counter-terrorist financing (CTF) controls.

The BIS's Stance on Decentralized Finance and CBDCs

The BIS has expressed caution regarding decentralized finance, citing concerns about its regulatory ambiguity, operational risks, and potential for illicit activities.However, the organization has been a strong advocate for the adoption of CBDCs, recognizing their potential to improve payment systems, enhance financial inclusion, and promote innovation.

The BIS believes that CBDCs can offer a safer and more efficient alternative to private cryptocurrencies, which are often subject to price volatility and regulatory uncertainty. BIS develops framework against CBDC cyberattacks J CryptoExpert Blockchain On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending central bank digital currencies (CBDCs) against cybersecurity threats.By providing a digital form of central bank money, CBDCs can help to maintain monetary stability and promote financial innovation in a responsible manner. BIS develops framework against CBDC cyberattacks. Open in AppIn June 20th they published a integrated ledger scheme for cross-border and tokenized asset transactions.Furthermore, in April, the BIS and the Bank of England cooperated in tests using distributed ledger technology.

The Future of CBDC Security

The BIS framework is a significant step forward in addressing the cybersecurity challenges associated with CBDCs.However, the threat landscape is constantly evolving, and central banks must remain vigilant and adapt their security strategies accordingly.The future of CBDC security will depend on ongoing collaboration, innovation, and a commitment to building resilient and secure digital currency systems.

As technology advances, new threats will emerge, and central banks must be prepared to respond effectively. bisは分散型金融については慎重だが、cbdcの採用を強く支持している。6月20日には、クロスボーダーとトークン化された資産取引のための統合台帳案を公表した。4月には、bisとイングランド銀行とは分散型台帳技術で協力してテストを実施した。This requires continuous monitoring of the threat landscape, ongoing security research, and proactive implementation of new security measures. Threat actors could destabilize economies and erode central bank trust if retail CBDC operations are not protected by a resilient cybersecurity framework. The BIS model assumes a two-tier CBDC system where the central bank knows the balances of each member.With proactive planning, any risks from CBDC adoption should be minimal. Menu. Home; Bitcoin Chart; Cryptocurrency News; Cryptocurrency Software; Privacy PolicyBy learning from DeFi exploits, security should be better than current systems. On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending central bank digital currencies (CBDCs) against cybersecurity threats.It also relies heavily on creating security teams within banks with senior leadership support.

Conclusion: Key Takeaways and Actionable Advice

The BIS framework for defending CBDCs against cyberattacks represents a crucial step towards securing the future of digital finance.By providing central banks with a comprehensive set of guidelines and best practices, the framework helps to mitigate the risks associated with CBDCs and promote their responsible adoption. On July 7, the Bank for International Settlements (BIS), a financial institution owned by constituent central banks, published a framework for defending central bank digital currenciesThe establishment of a security framework for CBDCs is also important to reduce the risk that retail CBDC operations might destabilize economies and erode central bank trust.

Here are some key takeaways and actionable advice for central banks and other stakeholders:

  • Prioritize security from the outset: Incorporate security considerations into every stage of the CBDC design and implementation process.
  • Adopt a layered approach to security: Implement multiple layers of security controls to protect against a wide range of threats.
  • Leverage the MITRE ATT&CK framework: Use the framework to analyze potential threats and develop targeted mitigation strategies.
  • Establish a clear organizational structure: Define roles and responsibilities for CBDC security and promote collaboration among different teams.
  • Share threat intelligence and best practices: Collaborate with other central banks, financial institutions, and stakeholders to share information and improve security.
  • Continuously monitor the threat landscape: Stay informed about emerging threats and adapt your security strategies accordingly.
  • Get security and senior leadership support: Create security teams within banks to support threat mitigation for CBDC adoption.

By following these recommendations, central banks can build secure and resilient CBDC systems that promote financial innovation while protecting against cyber threats.The BIS framework provides a solid foundation for this effort, and its ongoing development will be crucial to ensuring the long-term security and stability of CBDCs.

As the world moves towards a more digital financial future, the security of CBDCs will be paramount. The institution cited rising exploits against DeFi as a need for more secure CBDCs.Continue reading BIS develops framework against CBDC cyberattacksThe post BIS develops framework agThe BIS framework is a critical tool in this effort, providing central banks with the guidance and resources they need to navigate the complex cybersecurity landscape and build trust in these innovative digital currencies.Central banks, financial institutions, and technology developers can use the resources in this framework to build secure, reliable, and robust CBDC systems to protect consumers and secure financial stability.

Alaric Drome can be reached at [email protected].

Comments