David Morris: What if someone breaks into the money pipeline next?


The Colonial hackers, at least for now, appear to have been a freelance criminal gang rather than state actors. Because they had more limited resources, it’s little surprise that they aimed for the softer target of financial records. (It’s also a matter of strategy: though it could turn out to be a misdirection, the gang said in a statement that their goal was to make money, not disrupt the pipeline.) Interfering with such records is fundamentally easier than disrupting physical infrastructure, for the simple reason that for the most part they are purely digital. Changing numbers in a computing system (or, in this case, just locking the files) is pretty much always more straightforward than using that same system to change the physical world. The targeting of the pipeline’s financial system, rather than its valves or switches, highlights the fundamentally heightened cybersecurity risk that accompanies conventional digital finance. While it’s true that more and more infrastructure is digitally connected in one way or another, it’s still generally a very challenging and long-term process to compromise those systems. Attacks like the Stuxnet worm, which the U.S. and Israel allegedly used to physically damage Iranian nuclear facilities, take many years and state-scale resources to execute. That core vulnerability of digital money is what necessitated the unwieldy but nigh-impenetrable blockchain system securing bitcoin. Any central bank digital currency has to solve the same problem, but politics makes the same solution impractical: the security of a cryptocurrency like bitcoin is inextricable from the fact that nobody truly controls it. Most central banks, which ultimately must be responsive to governments, can’t make that trade-off.

Despite the rising tide of hugely damaging hacks, many nations’ central banks are pursuing the creation of new digital systems that would be major hacking targets: central bank digital currencies, or CBDCs. The goal of these systems, broadly, is to allow users to directly hold central bank dollars in a digital form, rather than through an intervening bank or payments platform. Central banks already do this in the form of physical banknotes, and so creating “digital cash” isn’t a wild stretch of their mandate. The Colonial shutdown is just the latest in a drumbeat of examples of the rising threat of cyberattacks. Ransomware attacks are rapidly approaching crisis levels, while cyberespionage between nations also continues to accelerate. Most recently, the reportedly Russian-backed SolarWinds attack burrowed deep into a still-unclear number of systems, with ramifications likely to last years.

But CBDC systems, while nominally influenced by cryptocurrencies like bitcoin, are unlikely to be based on the distributed blockchain technology that keeps cryptocurrency base layers essentially hack-proof. That means the systems could become an unimaginably alluring target for hackers – with potential disruptions even bigger than the shutdown of a crucial gasoline pipeline.

David Z. Morris is CoinDesk’s Chief Insights Columnist.

But that option is likely unavailable to arguably the most influential player in CBDCs – the People’s Bank of China. Its “digital yuan” is widely believed to be subject to major centralized surveillance and censorship, “features” that would likely be highlighted if its code were public. That would seriously interfere with another apparent goal of China’s project: driving greater usage of the yuan outside China. But it also means the system can’t be robustly tested for security vulnerabilities. Lack of transparency could in turn box the PBOC out of negotiating standards for international CBDC interoperability. “I’m not sure if China and the U.S. will be playing at the same standards-setting bodies at the end of the day,” Schnapper-Casteras says. Even more crucial is the use of open-source software to build CBDCs. Releasing source code publicly, along with incentives like bug bounty programs, means legions of white-hat hackers can and will scrutinize it for bugs. “Open-source systems have proven to be more enduring, more reliable, more extensible over time,” says Schnapper-Casteras. That’s why much of the internet now runs on software that was battle-tested in the open-source arena, such as Apache and Linux. And bitcoin is famously open-source, with a particularly arcane and bureaucratic update process that prevents unnecessary changes that might introduce security risks.

Similarly, one proposed “two-tier” CBDC design would allow various versions of a piece of software to interact according to standards established by central banks. While a fully centralized system with uniform code could be leveled by one vulnerability, a diverse codebase makes cyberattacks harder to scale, increasing security. But CBDCs could still introduce decentralized security by taking carefully selected pages from the crypto playbook. One might be “elements of node validation” similar to the way blockchains rely on many copies of a ledger, according to J.P. Schnapper-Casteras, a lawyer who works with the Atlantic Council on CBDC research and consulting. At least in broad outline, that would make it impossible for a FedCoin to be hit with the same kind of attack that took down Colonial’s system by locking up financial data housed in one central location.
