What is it about?

This article starts with a comparison of existing cybersecurity standards and regulations from the National Institute of Standards and Technology (NIST) and the International Organisation for Standardisation (ISO)—ISO27001, followed by a discussion on more specific and recent standards and regulations, such as the Markets in Crypto-Assets Regulation (MiCA), Committee on Payments and Market Infrastructures and the International Organisation of Securities Commissions (CPMI-IOSCO), and more general cryptography (and post-quantum cryptography), in the context of cybersecurity. These topics are followed up by a review of recent technical reports on cyber risk/security and a discussion on cloud security questions. Comparison of Blockchain cyber risk is also performed on the recent EU standards on cyber security, including European Cybersecurity Certification Scheme (EUCS)—cloud, and US standards—The National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS).

Featured Image

Why is it important?

The research significance is the integration of knowledge from the United States (US), the European Union (EU), the United Kingdom (UK), and international standards and frameworks on cybersecurity that can be alighted to new Blockchain projects. The results show that cybersecurity standards are not designed in close cooperation between the two major western blocks: US and EU. In addition, while the US is still leading in this area, the security standards for cryptocurrencies, internet-of-things, and blockchain technologies have not evolved as fast as the technologies have. The key finding from this study is that although the crypto-market has grown into a multi-trillion industry, the crypto-market has also lost over 70% since its peak, causing significant financial loss for individuals and cooperation’s. Despite this significant impact to individuals and society, cybersecurity standards and financial governance regulations are still in their infancy, specifically in the UK.


This review article is focussed on multiple standards and regulations, while NIST and ISO27001 are used for comparison. New standards are also discussed, like ENISA. Although these standards are still in their infancy comparing to NIST, their contributions should not be ignored. Some of the key findings from this review study are: 1. ENISA follows the NIST approach but provides a different perspective on how cyber risk should be assessed. 2. ENISA seems to be following the non-technical design of the NIST standards, but the technical guidance from the NIST cryptographic algorithms is missing from the ENISA cyber risk assessment guidance documents. 3. Future research is needed to help understand the new risks from increased adoption of new technologies (e.g., IoT and Blockchain). 4. There are no current standards to govern the use of Blockchains, and their value has increased to over a trillion. 5. Failure of one main stable-coins, like USDT, USDC, or BUSD, could trigger a domino effect in other stable-coins, and spill over into a crypto winter for all Blockchains. 6. The Federal Reserve has been slow in responding to the systemic risk created by stable coins and cryptocurrencies. 7. The continuous funding of new reports on CBDC has not resulted with any significant advancements in the developments a USA regulated CBDC. 8. The asset value (as of 28th November 2022) of USDT was $65bn, of the USDC was $44bn, and BUSD was $22bn, and those are just 3 cryptos out of 21,872 cryptos and these projects operate with almost no regulation from any government in the world. a. The current asset value (as of 29th March 2023) of USDT is changed to $79.5bn, of the USDC is $33bn, and BUSD is $7bn. b. This change was caused by the depegging of the USDC that traded over 12% below the US dollar beginning of March 2023, following the collapse of Silicon Valley Bank (SVB). c. The BUSD was partially affected by the collapse of SVB, but also by other factors, for example, today, investors decided to ‘pull $1.6 billion from Binance after CFTC lawsuit’ [61]. 9. Financial regulators have ignored the cryptocurrencies, but without regulations, we can expect these assets to remain volatile and many individuals will lose their savings. 10. The crypto market is difficult for EU and US regional regulators to supervise, because many project are based abroad and operate on the Internet. One of the key measures for success is to regulate crypto exchanges that are allowed to operate in the region, and not push the exchanges away into countries that are out of their jurisdictions. 11. The EU is much further away than the US, from regulating the crypto market and bringing it into the mainstream. The MiCA is not perfect, but at least it’s a framework and infrastructure to use as a guidance point. 12. It looks like layer one coins will be exempted—in the EU at least. The overarching conclusion is that many cyber risks remain unregulated, including IoT and crypto. With this analysis, we can forecast that: A. DDoS attacks will continue in 2023 and beyond and become more sophisticated. B. Crypto markets are likely to cause significant loss of savings for individuals that invest in them. The main factor for the cyber risk from Blockchain Technologies is the lack of regulations, in the US, EU, UK, and globally.

Dr Petar Radanliev
University of Oxford

Read the Original

This page is a summary of: Review and Comparison of US, EU, and UK Regulations on Cyber Risk/Security of the Current Blockchain Technologies: Viewpoint from 2023, The Review of Socionetwork Strategies, May 2023, Springer Science + Business Media,
DOI: 10.1007/s12626-023-00139-x.
You can read the full text:




The following have contributed to this page