July 2023

Part 3: Closing the CBDC cyber threat modelling gaps

Project Polaris
BIS Cyber Resilience Coordination Centre

In partnership with:

Contents

1. Executive summary
2. Introduction
   2.1 Cyber threat landscape
   2.2 Central bank digital currency
   2.3 Scope and objectives
3. Background
   3.1 Cryptocurrency concepts and technology: DeFi, DLT and CBDC
   3.2 Current cyber security standards and frameworks (applicability)
   3.3 Threat models and the MITRE ATT&CK framework
   3.4 Potential threats for CBDCs
4. Analysis
   4.1 Analysis of notable attacks against DeFi
   4.2 Tactic, techniques, and procedures (TTPs) mapping
   4.3 Summary of analysis
5. Findings and discussion
   5.1 Gaps, observations and insights
   5.2 Future work
6. Conclusion
Annex A: TTP mapping of notable DeFi attacks
References
Authors and acknowledgements

This paper was quality assured by PA Consulting.

1. Executive summary

Decentralised finance (DeFi) continues to revolutionise the financial industry. It has been argued that DeFi started in 2009 with the launch of Bitcoin, the first peer-to-peer digital asset to use blockchain technology. In 2015, Ethereum was launched and with it came the popularisation of smart contracts.1 DeFi can be defined as an umbrella term for an eclectic mix of blockchain technology, digital assets, decentralised applications (dApps), and distributed ledgers (DLT). There are many products and services that adopt this technology including cryptocurrency and stablecoin exchanges, derivatives, credit, and insurance services. Cryptocurrencies in particular have enjoyed a remarkable adoption rate due to their accessibility and low transaction fees, all without the need for intermediaries as in the case of