====== 5. Risk of Data being hacked due to weak Security Infrastructure ======
|< 100% >|
| [[cbdc:public:cbdc_omg:04_doc:20_comments:brp:q11:start| Return to Question 11]] | Provide Feedback |
: //When Senator Mark Warner (D-VA) questioned witness Dr. Neha Narula, Director of the Digital Currency Initiative at MIT, on security risks associated with cryptocurrencies, she responded that, with respect to ransomware attacks, the issue is that valuable data has not been properly secured, and suggested that a CBDC could have built-in safeguards. She also believed that open-source software is critical for security.//((
Buckley Firm,
__Senate holds hearing on central bank digital currency__,
16 June 2022,
Accessed: 24 April 2022,
[[https://buckleyfirm.com/blog/2021-06-16/senate-holds-hearing-central-bank-digital-currency]]
))
Data can exist in many states depending on how it is being used. Each of the different Data States poses its own risks of compromising data. The primary concern with data is that it compromises End User Privacy. See section [[cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start]].
The risks and concerns about Data in each of the different states are also important. Often, the primary focus for understanding data is to concentrate on [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:d:dataatrest | Data-at-Rest]]. Although this data is relatively static, it can change over time. In the past, there was little concern for [[https://www.omgwiki.org/dido/doku.php?id=[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion | Data-in-Motion ]], which can have serious effects on [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:r:ram | Reliability, Maintainability, and Availability (RAM)]], as well as, [[https://www.omgwiki.org/dido/doku.php?id=[dido:public:ra:1.4_req:2_nonfunc:25_security | Securability]] and can leave a system vulnerable to breaches. With the advent of HTTPS, these vulnerabilities are mitigated. The latest issue has become the need to secure [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:d:data_in_use | Data-In-Use]]. A recent WhatsApp data breach ((
Czarina Grace,
__WhatsApp Data Breach 2021 Could Expose 2 Billion Users: Update Now on Android, iOS to Fix Security Risk__,
iTechPpost,
6 September 2021,
Accessed 6 October 2021,
[[https://www.itechpost.com/articles/106929/20210906/whatsapp-data-breach-2021-expose-2-billion-users-update-now.htm]]
)) found that switching data between image filters could cause memory corruption followed by a crash that left data exposed.
Figure {{ref>DataStateFigure}} graphically represents the different Data States within a system. Most systems are now able to handle the Data-in-Motion and the Data-at-Rest issues but have traditionally relied on physical security to protect Data-in-Use.
{{ cbdc:04_doc:20_comments:brp:q11:data_states.png?600 |}}
The Various States of Data.
Any risk assessment must include the Security Infrasture and the state of data:
* [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:d:dataatrest | Data-at-Rest]]
* [[https://www.omgwiki.org/dido/doku.php?id=[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion | Data-in-Motion ]]
* [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:d:data_in_use | Data-In-Use]]
/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says
~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~