A revealing new detail has surfaced in the Colonial Pipeline saga. The main gasoline distribution connection was shut down for six days after a hack, causing gas shortages in the southeastern United States. Main pumps, substations, or other physical pipeline infrastructure were the main target of the hack, according to a CNN report. Instead, the hackers went after the money.
“The company has ceased operations because its accounting system was compromised,” sources told CNN. The pipeline operators “feared they would not be able to figure out how much to charge customers for the fuel they received.”
David Z. Morris is CoinDesk’s Chief Insights columnist.
Connected: What is Fiat Money’s carbon footprint?
The Shutdown of Colonial Power is just the latest in a series of examples of the increasing threat posed by cyberattacks. Ransomware attacks are rapidly approaching crisis levels, while cyber espionage between nations also accelerates. Most recently, the allegedly Russian-backed solar wind attack has dug deep into an as-yet-unclear number of systems, with effects likely to take years.
Despite the rising tide of extremely harmful hacks, central banks of many nations are pursuing the creation of new digital systems that would be major hacking targets: central bank digital currencies, or CBDCs. The goal of these systems is generally to enable users to hold central bank dollars directly in digital form rather than through an intermediate bank or payment platform. Central banks are already doing this in the form of physical banknotes, so creating “digital cash” is not a wild stretch of their mandate.
Although CBDC systems are nominally influenced by cryptocurrencies like Bitcoin, they are unlikely to be based on the distributed blockchain technology that keeps cryptocurrency base layers essentially hack-proof. That means the systems could become an inconceivably enticing target for hackers, with potential disruptions even greater than shutting down an important gasoline line.
The story goes on
Aligning it with the pipeline’s financial system rather than its valves or switches underscores the fundamentally increased cybersecurity risk that comes with conventional digital finance. While more and more infrastructure is digitally connected in one way or another, in general it is still a very challenging and long-term process to compromise these systems. Attacks like the Stuxnet worm, which the US and Israel allegedly used to physically damage Iranian nuclear facilities, take years and government resources to execute.
Connected: Musk motivation
The colonial hackers seem to have been more of a freelance criminal gang than state actors, at least for the time being. With limited resources, it was no surprise that they went for the softer goal of financial records (it’s also a matter of strategy: although it might turn out to be a misdirection, the gang said in a statement that their goal was to do this money, not upset the pipeline). Interfering with such records is fundamentally easier than disrupting the physical infrastructure, for the simple reason that they are largely purely digital. Changing numbers on a computer system (or locking the files in this case) is almost always easier than using the same system to change the physical world.
This central vulnerability of digital money made the unwieldy, but almost impenetrable blockchain system necessary to secure Bitcoin. Every central bank digital currency has to solve the same problem, but politics makes the same solution impractical: the security of a cryptocurrency like Bitcoin is inextricably linked to the fact that nobody really controls it. Most central banks, which ultimately have to respond to governments, cannot make this compromise.
However, CBDCs could continue to introduce decentralized security by taking carefully selected pages from the crypto playbook. According to JP Schnapper-Casteras, an attorney who works with the Atlantic Council on CBDC research and advice, “elements of node validation” like blockchains could be based on many copies of a ledger. At least roughly, this would make it impossible for a FedCoin to be hit by the same type of attack that destroyed Colonial’s system by locking financial data in a central location.
Similarly, a proposed “two-tier” CBDC design would allow different versions of software to interact according to standards set by central banks. While a completely centralized system with uniform code can be compensated for by a vulnerability, a diverse code base makes the scalability of cyber attacks more difficult and increases security.
Even more important is the use of open source software to create CBDCs. Publishing source code along with incentives like bug bounty programs means legions of white hat hackers can and will investigate it for bugs. “Open source systems have proven to be more durable, reliable, and dependable. [and] More expandable over time, ”says Schnapper-Casteras. Because of this, much of the Internet is now running on software that has been battle-tested in the open source arena, such as Apache and Linux. And Bitcoin is known to be open source with a particularly secretive and bureaucratic update process that prevents unnecessary changes that could pose security risks.
But that option is likely not available to arguably the most influential actor in CBDCs – the People’s Bank of China. It is widely believed that its “digital yuan” is subject to extensive centralized surveillance and censorship. These “features” would likely be highlighted if his code were public.
This would seriously undermine another obvious goal of the Chinese project: greater use of the yuan outside of China. However, this also means that the system cannot be reliably tested for security vulnerabilities. In turn, a lack of transparency could prevent the PBOC from negotiating standards for international CBDC interoperability. “I’m not sure if China and the US will play on the same bodies that set standards at the end of the day,” says Schnapper-Casteras.
While things are still quite early on, the US Federal Reserve may be better able to make its system open source. The Boston Fed launched a CBDC research program with the Massachusetts Institute of Technology last year and will reportedly be releasing not only its ideas but also its code in July.
This is one of the main reasons why Schnapper-Casteras and others believe that caution is ultimately more important than speed, despite China’s first mover status with CBDCs.
“In terms of security decisions and an open source code base, this could be a great asset and a source of strength in the long run,” says Schnapper-Contreras. “Because you don’t want to roll something out super fast and make it flawed. That would be a disaster. “
