Inside Cybersecurity

March 28, 2024

Daily News

Atlantic Council report identifies cyber challenges, policy options for central bank digital currency

By Charlie Mitchell / June 16, 2022

With the U.S. and over a hundred countries exploring the possibility of creating central bank digital currencies, a report from the Atlantic Council offers policymakers a primer on cybersecurity considerations around the “fast-moving, consequential, and still somewhat nascent” issue.

“The security of CBDCs has real-world import and is one of the major challenges to overcome if a CBDC is to be issued in the United States,” according to the report, “Missing Key: The challenge of cybersecurity and central bank digital currency.” A CBDC would be launched, maintained and insured by the federal government.

“Not just because of the classical counterfeiting scenarios or the possibility of a hacker looting the digital equivalent of Fort Knox,” the report said, “but also because a government-administered digital currency system could—depending on how it is designed—collect, centralize, and store massive amounts of sensitive data about individual Americans and granular details of millions of everyday transactions.”

The cybersecurity and privacy protections of digital assets is a top priority for the Biden administration, according to Carole House of the National Security Council, who spoke Wednesday at an Atlantic Council event to unveil the report.

House said the administration is “placing the highest urgency” into researching the “merits” of launching a CBDC, as countries throughout the world engage in similar efforts. A CBDC would “need robust protections” around privacy and security, she said.

The report said, “While it is too early for a CBDC to be designed with ideal cybersecurity, efforts to dismiss a CBDC as uniquely and categorically vulnerable to cyberattacks have overstated the risk. This report puts forward a road map for policy makers to build secure CBDCs.”

Among its findings, the report said “CBDCs can enable both strong user privacy and (some level of) regulatory oversight at the same time”; and that “a privacy-preserving currency design can inherently provide security advantages.”

It offered six principles for legislation and regulation:

  • Where possible, use existing risk management frameworks and regulations.
  • Privacy can strengthen security.
  • Test, test, and test some more.
  • Ensure accountability.
  • Promote interoperability.
  • When new legislation is appropriate, make it technology neutral.

Also on the Wednesday event were: Neha Narula, director of MIT’s Digital Currency Initiative; Giulia Fanti, report co-author and nonresident senior fellow with the Atlantic Council GeoEconomics Center; and Michael Mosier, general counsel at Espresso Systems, senior advisor at Oliver Wyman, and former acting director of the Treasury Department’s Financial Crimes Enforcement Network. – Charlie Mitchell (cmitchell@iwpnews.com)