How is CBDC safe from vulnerability and cyber security attacks?

CBDC is a digital form of central bank money that can be accessible to the general public; essentially, it consists of individuals and firms having access to transaction and savings accounts with their home country’s central bank. The Government of India has proposed to issue CBDC, ‘Digital Rupee’ during the FY2022-23 which would be a digital avatar of India’s Fiat Currency, controlled and monitored by the Reserve Bank of India (RBI). CBDC will be a legal tender, being a revamped version of the physical currency, which will eventually reduce cost of currency management.

CBDC could help policy-makers achieve goals around payment efficiency, financial inclusion, banking and payment competitiveness, access to safe central bank money in the era of digital payments, and more. People can convert digital currency to physical currency and vice-versa with ease. As per RBI, the digital rupee blockchain being developed by the RBI would be able to trace all transactions, unlike the current system of mobile wallets offered by private companies.

The units issued in the digital rupee would be included in the currency in circulation, it added. The RBI's digital currency is likely to debut by early 2023. Currently, the bitcoin blockchain supports up to seven transactions per second and then there are some others that let a few thousand transactions per second. However, security aspects involved in constructing and deploying a central bank digital currency (CBDC).

It is a matter of great concern on the Security part, which is an essential element in the CBDC system. In addition to securing the underlying storage and transfer of value, security involves aspects of privacy and resilience. Threats must be mitigated to protect the integrity of funds and the confidentiality of users.

A secure CBDC system will retain public trust in the central bank. Under an account-based model, transactions can be approved by the originator and the beneficiary based on verification of the users’ identity, and the Central Bank can carry out the settlement. In the token-based model, transactions will be approved by the originator and beneficiary through a public-private key pair and digital signatures. This system does not require access to the users’ identity, thereby allowing higher levels of privacy.

The use of cloud technologies to deploy a CBDC can improve availability. Databases and endpoints deployed in the cloud can be dynamically configured to scale with operational load and maximize country-wide availability. However, the concern on CBDC could translate into the system’s ability to withstand large-scale cyberattacks. Disruptions, such as a distributed denial of service or a botnet attack, may temporarily limit or disable access to the system. Standard cyber security techniques can reinforce public end-points and connected systems to mitigate the impact of such attacks.