1、July 2023Part 2:A security and resilience framework for CBDC systems Project PolarisBIS Cyber Resilience Coordination CentreIn parternship with:A security and resilience framework for CBDC systems 3 Contents 1.Executive summary 5 2.Acronyms and abbreviations 8 3.Introduction 9 4.Assumptions about a

2、CBDC ecosystem 11 4.1 A two-tier CBDC model 11 4.2 Participants security and resilience capabilities 12 4.3 Complexity and risk profile of retail CBDC systems 13 5.Understanding the framework 16 5.1 CBDC security and resilience:objectives and design criteria 16 5.2 Threat landscape for CBDC systems

3、17 5.2.1 Threat actors 18 5.2.2 Threat events 19 5.2.3 Risks 22 5.3 Building blocks of the proposed framework 23 5.4 The Polaris framework for secure and resilient CBDC systems 25 5.4.1 Categorisation of control objectives 26 5.4.2 Enterprise capabilities represented in the framework 27 5.4.3 Seven

4、steps to secure and resilient CBDC systems 28 6.Applying the framework 33 6.1 Adapting the framework 33 6.2 Roles and responsibilities within the central bank 33 6.3 Roles and responsibilities across the ecosystem 36 6.4 Path to readiness and maturity 39 7.Summary 42 8.Appendix A:Control objectives

5、in the framework 43 Prepare 43 Identify 48 Protect 50 Detect 54 Respond 55 Recover 56 Adapt 57 A security and resilience framework for CBDC systems 4 9.Appendix B:Enabling technologies for security and resilience 59 10.Glossary 62 11.References 65 12.Acknowledgments 67 This framework was quality ass

6、ured by PA Consulting:A security and resilience framework for CBDC systems 5 1.Executive summary Cyber attacks on critical infrastructure are amongst the top five risks that could have the greatest impact on a global scale.1 Central bank digital currency(CBDC)systems would be considered a critical n