Blockchains and cyberwar: Why the next wave of interbank settlement systems will be decentralised
Currently a number of central banks around the world are exploring two things:
- A decentralised interbank payment system
- A central bank digital currency
Though often conflated, these are slightly different concepts. You can decentralise your interbank payment systems without allowing the public to have digital access to the central bank’s balance sheet, and vice versa.
This short post is about the first set of experiments: decentralising the interbank payment systems.
A Real Time Gross Settlement (RTGS) system allows banks to make real time payments to each other, with finality of settlement (ie once it’s paid, it’s paid and there’s no more waiting for anything else to clear). They operate at a national level, for payments in the country’s currency. In some countries RTGS systems operate during office hours only, and in others it’s close to 24×7.
RTGS systems are extremely efficient. They solve the problem of banks needing to maintain mutually funded accounts with each other, and allow banks to hold one single account balance with the central bank, and use that to pay any other bank in the network.
Why would you want to decentralise these highly efficient payment systems?
The RTGS system is the heart of your financial system. It is core infrastructure for the safe functioning of the financial system, and the country’s economy. And when it breaks, things stop working extremely quickly. Interbank payments back up, leading potentially to retail payments backing up. Perhaps people stop being able to use debit and later credit cards. Banks would have to go back to using correspondent bank accounts to meet their bilateral obligations (and you’d hope that the centralised SWIFT network is working, else things get really tricky). Supply chains get disrupted as businesses cannot pay each other. And so on.
If you were a terrorist, or a nation state attacking another nation state, it would make a lot of sense to target the RTGS system. In one successful operation, you could rapidly cripple a country and hold it to ransom.
Of course, there are many other places to attack, such as the electricity grid – but electricity is to a certain extent decentralised. Countries tend to have multiple power stations rather than relying on a single one, and large infrastructures like data centres have backup generators. But there is only one RTGS system.
Of course RTGS systems are built to the highest standards of resiliency, with hot-hot replicating databases built across multiple redundant geographically disperse data centres, etc, etc. But the fact is that they are still one logical system, sitting right at the core of the country’s economy. It seems inevitable that a centralised RTGS system will be successfully attacked at some stage in the future.
A decentralised RTGS system on a distributed ledger de-risks your financial system (and therefore your country) from this attack vector. The ledger is run and maintained by the participants, so the attacker would need to target individual banks, each with their own different cybersecurity defences. It would be much much harder for the attacker to cripple the financial system in one sweep.
Cyberwar is a reality, and is a highly compelling reason to decentralise as much critical financial and digital infrastructure as possible.
Think of BitTorrent. It’s a decentralised data sharing network that can not be taken down – that’s why it continues to exist (to the annoyance of the movie and music industries) while previous centralised data sharing architectures such as Napster were able to be shut down.
Distributed ledgers, for the first time in history, allow formerly centralised systems to be run in a decentralised manner. The key innovation is the ability for entities to own unique digital assets, and know that these are valid assets, without pointing to a centralised ledger somewhere else as the ledger of ownership.
De-risking centralised digital infrastructure must be a priority of the highest order for nation states.
It’s not just RTGS systems though. What other digital repositories might need to be decentralised? Identity databases, land registries, passport offices – anywhere where digital assets should be safeguarded from potential attack. And, if the right platform is used, you’re not only de-risking, but you will enable new benefits relating to the atomic and automated exchange of digitised assets (but that’s something for another post).
Here’s a perspective from Richard Dzina, Executive Vice President of the Federal Reserve Bank of New York: Remarks at SIFMA’s 43rd Annual Operations Conference, Miami Beach, Florida entitled “Toward a New Paradigm for Resiliency and Security”.
Distributed Ledger platforms should be part of any cybersecurity strategy.
I am incredibly lucky to be working at R3 where I spend my time building solutions to these critical issues. The more time I spend looking at these, the more I believe that the Corda platform is the most appropriate “blockchain” platform for these pieces of mission critical infrastructure.
Do contact me if any of this resonates or inspires a good use case.