What is it about?

This article starts with a comparison of existing cybersecurity standards and regulations from the National Institute of Standards and Technology (NIST) and the International Organisation for Standardisation (ISO)—ISO27001, followed by a discussion of more specific and recent standards and regulations, such as the Markets in Crypto-Assets Regulation (MiCA), the Committee on Payments and Market Infrastructures and the International Organisation of Securities Commissions (CPMI-IOSCO), and more general cryptography (including post-quantum cryptography), in the context of cybersecurity. These topics are followed by a review of recent technical reports on cyber risk/security and a discussion of cloud security questions. Blockchain cyber risk is also compared against the recent EU standards on cybersecurity, including the European Cybersecurity Certification Scheme (EUCS) for cloud, and against US standards, namely the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS).


Why is it important?

The significance of this research is the integration of knowledge from the United States (US), the European Union (EU), the United Kingdom (UK), and international standards and frameworks on cybersecurity that can be aligned to new Blockchain projects. The results show that cybersecurity standards are not designed in close cooperation between the two major western blocs: the US and the EU. In addition, while the US is still leading in this area, the security standards for cryptocurrencies, the internet-of-things, and blockchain technologies have not evolved as fast as the technologies themselves. The key finding from this study is that although the crypto-market has grown into a multi-trillion industry, it has also lost over 70% of its value since its peak, causing significant financial loss for individuals and corporations. Despite this significant impact on individuals and society, cybersecurity standards and financial governance regulations are still in their infancy, specifically in the UK.

Perspectives

This review article focuses on multiple standards and regulations, with NIST and ISO27001 used as the baseline for comparison. Newer standards, such as those from ENISA, are also discussed. Although these standards are still in their infancy compared to NIST, their contributions should not be ignored. Some of the key findings from this review study are:

1. ENISA follows the NIST approach but provides a different perspective on how cyber risk should be assessed.
2. ENISA seems to be following the non-technical design of the NIST standards, but the technical guidance from the NIST cryptographic algorithms is missing from the ENISA cyber risk assessment guidance documents.
3. Future research is needed to help understand the new risks from increased adoption of new technologies (e.g., IoT and Blockchain).
4. There are no current standards to govern the use of Blockchains, and their value has increased to over a trillion.
5. Failure of one of the main stable-coins, like USDT, USDC, or BUSD, could trigger a domino effect in other stable-coins and spill over into a crypto winter for all Blockchains.
6. The Federal Reserve has been slow in responding to the systemic risk created by stable-coins and cryptocurrencies.
7. The continuous funding of new reports on CBDC has not resulted in any significant advancement in the development of a US-regulated CBDC.
8. The asset value (as of 28th November 2022) of USDT was $65bn, of USDC was $44bn, and of BUSD was $22bn; those are just 3 cryptos out of 21,872, and these projects operate with almost no regulation from any government in the world.
   a. The current asset value (as of 29th March 2023) of USDT has changed to $79.5bn, of USDC to $33bn, and of BUSD to $7bn.
   b. This change was caused by the depegging of USDC, which traded over 12% below the US dollar at the beginning of March 2023, following the collapse of Silicon Valley Bank (SVB).
   c. BUSD was partially affected by the collapse of SVB, but also by other factors; for example, today, investors decided to ‘pull $1.6 billion from Binance after CFTC lawsuit’ [61].
9. Financial regulators have ignored cryptocurrencies, but without regulations we can expect these assets to remain volatile, and many individuals will lose their savings.
10. The crypto market is difficult for EU and US regional regulators to supervise, because many projects are based abroad and operate on the Internet. One of the key measures for success is to regulate the crypto exchanges that are allowed to operate in the region, and not to push the exchanges away into countries that are outside their jurisdictions.
11. The EU is much further away than the US from regulating the crypto market and bringing it into the mainstream. MiCA is not perfect, but at least it is a framework and infrastructure to use as a guidance point.
12. It looks like layer one coins will be exempted—in the EU at least.

The overarching conclusion is that many cyber risks remain unregulated, including IoT and crypto. With this analysis, we can forecast that:

A. DDoS attacks will continue in 2023 and beyond and become more sophisticated.
B. Crypto markets are likely to cause significant loss of savings for individuals who invest in them.

The main factor for the cyber risk from Blockchain Technologies is the lack of regulations in the US, EU, UK, and globally.

Dr Petar Radanliev
University of Oxford

Read the Original

This page is a summary of: Review and Comparison of US, EU, and UK Regulations on Cyber Risk/Security of the Current Blockchain Technologies: Viewpoint from 2023, The Review of Socionetwork Strategies, May 2023, Springer Science + Business Media,
DOI: 10.1007/s12626-023-00139-x.