News reaction: Promoting a secure and resilient digital pound

Central Bank Digital Currencies (CBDCs) are government-backed digital currencies which are issued by a central bank to businesses and the public and are currently being actively considered by major economies across the globe. CBDCs could provide a range of benefits to users, but they also present resilience and security challenges and considerations that must be addressed if they are to become a sustainable form of currency.

The Bank of England is one of many central banks reviewing the merits of introducing a CBDC with the recent consultation on the technical aspects of a digital pound.

Despite being a few years away from fruition, the Bank of England and HM Treasury have stated that “the digital pound will be needed in the future” and therefore are “convinced that preparatory work is justified.”

Here, Deputy Director of Commercial Research, Jon Renshaw, outlines some of the key points from NCC Group’s submission to the consultation, setting out how a digital pound will require resilience, privacy and security by design at the core, minimising risk from cyberattack, supply chain disruption and software failure and ensuring that the currency can evolve into a trusted form of payment.

Security

A secure by design CBDC system prevents exploitation and establishes and builds stakeholder trust and adoption. We support the Bank’s secure by design approach to ensure that security is considered at all stages of the design, development, and operation of a CBDC. Specific recommendations we’ve made in our response include:

• The Bank should consider how ongoing systemic security would be managed as new and innovative services are built on top of the digital pound by Payment Interface Providers (PIPs) and External Service Interface Providers (ESIPs).
• Horizon scanning functions should be established to ensure that technological developments such as post-quantum cryptography (PQC) are understood and accounted for.

In line with the Bank’s consideration of crypto-agility as a design goal, the digital pound ecosystem should also be designed with flexibility to migrate to quantum safe algorithms.

Resilience

From a resilience point of view, we recommend that the following components should be incorporated into the regulation of the digital pound ecosystem, and its accompanying guidance: 

• Supplier failure, service deterioration, concentration risk, political risks and transfer of ownership should be named as specific risks firms need to mitigate through business continuity and stressed exit plans, with responsibility assigned at an SMF24 level (i.e. Chief Operations function).  
• Ecosystem participants should map their supplier landscape, identifying material services which will require greater focus for risk mitigation. The Bank should also ensure that critical third-party providers to the digital pound ecosystem are incorporated into the new regulatory regime coming into effect via the Financial Services and Markets Bill.  
• Software Bill of Materials (SBOM) should be used to understand the software supply chain and more effectively detect and manage vulnerabilities introduced by software suppliers. 
• The Bank should consider how resilience is tested, including through demonstrably successful dry runs of business continuity, stressed exit, disaster recovery and cyber incident response plans, the use of pre-production environments for update testing and evaluating high availability technologies during system build and integration. 
• In alignment with the Bank’s other operational resilience regulatory guidance, the Bank should recommend practical, proportionate and cost-effective resilience solutions that will enable firms to achieve compliance, such as cloud, software and technology escrow agreements.

Privacy

Privacy is fundamental to trust and confidence in the CBDC system. Our privacy guidance focused on ensuring appropriate authentication and authorisation is applied and that appropriate risk management and testing is incorporated to ensure that applied privacy controls are effective.

• The Bank should ensure that PIPs and ESIPs can only access data via the necessary API to perform transactions on behalf of their customers, acting on a need-to-know basis.
• While we welcome the proposal for neither the Government nor the Bank to have access to personal data, the Bank should consider the risk of de-pseudonymisation and what measures can be put in place to mitigate against this (e.g. aggregating transaction records).

Next steps

The Bank of England is currently designing the architectural foundations of a digital pound and expects to be in a position to pilot and launch a digital pound by 2025, with responses to the consultation used to inform future work in the area. NCC Group looks forward to continuing to engage with the Bank as a constructive security and resilience partner.