UNDERSTANDING THE CRYPTOCURRENCY SECURITY STANDARD (CCSS)

https://blog.rsisecurity.com/understanding-the-cryptocurrency-security-standard-ccss/

Cryptocurrency has become wildly popular in the past few years.  Bitcoin was the predominant hot-button topic on every news channel and online publication in 2017 due to its meteoric climb to the point where a single Bitcoin fetched more than $10,000.  Current market figures for Bitcoin have since fallen to around $6,000/Bitcoin due to global market volatility, but the increased industry competition means that cryptocurrency isn’t going away anytime soon.  This means that companies such as Overstock, Expedia, Subway, PayPal, Shopify, and Microsoft that currently accept cryptocurrencies as a viable payment method must understand the cryptocurrency security standards (CCSS).  

With over 1,800 cryptocurrency specifications currently in existence as of March 2018, it would be best if you were to understand the ins and outs of CCSS.  Thankfully, we have compiled a complete overview of Cryptocurrencies, Blockchain, and CCSS that will keep your investment portfolio in the green for the foreseeable future.

CryptoCurrency Overview

For those who are not well acquainted with the ins and outs of cryptocurrency, you can think of it as a type of digital asset that functions as a medium of exchange.  The premise of its innovative technology (cryptography) is to secure the transactional flow of assets to ensure that the creation of additional assets is adequately controlled.  

The inventor of Bitcoin, Satoshi Nakamoto, had only ever wanted to invent a “Peer-to-Peer Electronic Cash System.” However, once his idea hit the web, it took off like wildfire in a direction that he never expected.  This was due to heavy promotion of the system as completely decentralized, with no server or central authority. This appealed to many people who had been clamoring for this type of currency solution for decades.

Through the iterations of its development, Bitcoin eventually set itself up to mirror a Peer-to-Peer network (e.g. Napster, Torrent sites, etc.), which then spawned the cryptocurrency industry as we know it in the 21st century, made up of all the different virtual currencies.  

The reason Bitcoin is so innovative is because it can be used as a global currency, stored easily on your hard drive instead of a brick and mortar bank, and isn’t subject to any one entity wanting to print more of the currency.  

Since the value of Bitcoin is derived primarily from its scarcity, this is one of the reasons why releasing more Bitcoins into the system would cause the value to drop like a rock overnight. Now, the way that you acquire Bitcoins is where it gets tricky.  

Prior to exchange systems for bitcoin transactions and trading being implemented, you had to “mine” Bitcoins via the cryptocurrency network to acquire portions of bitcoins.  All you need to do is download and run a Bitcoin mining program, which computes a cryptographic function called a hash.  

If you can compute a number below a certain threshold, you will then be awarded with a certain number of Bitcoins. This used to be a relatively simple task that anyone could perform from their personal computer until the past few years when thousands of miners have jumped on the bandwagon to mine the digital currency as their full-time jobs.  

Now, successfully mining Bitcoins requires a massive upfront investment in a mining rig that can cost tens of thousands of dollars (not including the massive power and cooling needs of running these mining programs).  Once the transaction is confirmed by the miner, they must ensure that their node adds it to their database so that it becomes a part of the blockchain. For this, the miner gets a type of finder’s fee, which is then deposited into their e-wallet as a portion of Bitcoins.

Blockchain Overview

The most simplified description of a blockchain is that it is a digital public ledger of all cryptocurrency transactions that is completely decentralized.  Each transaction is recorded and kept on a block of other transactions in chronological order, thus creating a centralized record keeping solution.  This is highly advantageous for purposes of convenience and security.

If a transaction was made via a cryptocurrency that was recorded on the blockchain, it could be traced back to its source immediately.  This saves market participants the time and effort of having to track their transactions manually.

On the other hand, if an organization were to be hit by ransomware that called for it to pay a certain denomination of Bitcoins to release its data, then that transaction could be traced back to the hacker via the blockchain.  What makes the blockchain so incredibly versatile is that its database isn’t stored in any single location. This is advantageous from a security standpoint in that the public records that are present on a blockchain hosted by thousands of computers cannot be corrupted by a hacker.  

Once entered into the blockchain, the transactions are said to be impossible to delete or meddle with even though sources do detail various solutions to hack a blockchain and steal millions of dollars thanks to the platform’s focus on extreme anonymity.  This shouldn’t keep you from investing in cryptocurrencies altogether; it is meant only to inform you of the risks of partaking in cryptocurrency-related activities that utilize blockchain technology.

CryptoCurrency Investing

For the five years after 2011, cryptocurrency (mainly Bitcoin) quietly began building up speed and making a name for itself as a viable source of global currency.  Many investors dismissed it as a fad seeing as many e-currencies had been developed in past decades, only to fail at a later point in time. But then 2017 came around and Bitcoin saw its value soar from less than $1,000 per Bitcoin at the beginning of the year to nearly $20,000 per Bitcoin in late December 2017.  

This meteoric and unprecedented value increase was due in part to the fact that Bitcoin held a 90% share of the crypto-market. Although other cryptocurrencies were in existence at the time, they just were not as highly regarded or talked about as Bitcoins were.

As 2017 drew to a close, many investors were speculating about whether the Bitcoin bubble was set to pop anytime soon.  Talks of international regulation of the cryptocurrency markets and the fact that nearly 17 million of the 21 million total Bitcoins in existence had already been mined were concerning to investors.  

Even though Bitcoin’s value rises as the cryptocurrency becomes scarcer, investors are worried about what will happen when there are no more Bitcoins left to mine from the blockchain. This has led investors to seek alternative cryptocurrency solutions from sources such as Ethereum, Ripple, Litecoin, Dash, Monero, etc. which are featured in the table below.

Cryptocurrency | Website | Exchange symbol | Launched | Anonymity | Max supply
Bitcoin | bitcoin.org | BTC | 1/3/09 | Low | ~21,000,000
Tonal Bitcoin | Tonal Bitcoin | TBC | 1/2/11 | Low | ~21,000,000
BCH | None | BCH | 8/1/17 | Low | ~21,000,000
Namecoin | namecoin.info | NMC | 4/18/11 | Low | ~21,000,000
Dash | None | DASH | 1/18/14 | Low | 22,000,000
Ethereum Classic | ethereumclassic.org | ETC | 8/7/15 | Low | Infinite
Ethereum | ethereum.org | ETH | 7/20/16 | Low | Infinite
Litecoin | litecoin.org | LTC | 10/7/11 | Low | ~84,000,000
Monero | getmonero.org | XMR | 4/18/14 | Medium | ?
Zcash | z.cash | ZEC | 10/28/16 | Medium | ~21,000,000
Zcoin | zcoin.io | XZC | 9/28/16 | Medium | ~21,000,000

Since the end of 2017, India has regulated cryptocurrency exchanges operating in the country in an effort to create its own state-backed cryptocurrency in the future.  The U.S. is still undecided as to whether cryptocurrencies should be classified as legal tender, but that does not mean that they are prohibited.  Therefore, if you own Bitcoins, you still need to declare them to the IRS just as you would with any other currency.  The fact that cryptocurrency regulation might change overnight due to a hack or policy change makes investing in them a high-risk investment.

 

CryptoCurrency Security Standards (CCSS)

To ensure that cryptocurrency transactions are safe and secure from a data breach, the Cryptocurrency Security Standards (CCSS) was established as a fraud resolution measure and can be followed by service providers and by those who store, accept, or transact in cryptocurrencies.  

CCSS was developed to ensure that cryptocurrencies such as Bitcoin were held to high levels of transparency and security when it comes to handling customer transactions.  With more security issues cropping up related to cryptocurrencies, the incorporation of CCSS guidelines allows for a more robust cryptocurrency ecosystem to flourish.

CCSS is essentially a list of 10 security aspects that an information system can adhere to for use in bolstering their cryptocurrency security presence.  The 10 aspects covered by CCSS are:

  1. Key/Seed Generation
  2. Wallet Creation
  3. Key Storage
  4. Key Usage
  5. Key Compromise Policy
  6. Keyholder Grant/Revoke Policies & Procedures
  7. Third-Party Security Audits/Pentests
  8. Data Sanitization Policy
  9. Proof of Reserve
  10. Audit Logs

Security aspects are a type of discrete technique of securing an entire information system from hardware and software to personnel and more.  The more security aspects your organization employs, the higher your system’s overall CCSS score will be.

To achieve a CCSS score, your organization must prove its competence in each aspect of these 10 security guidelines via a rigorous external audit.  Your organization’s overall CCSS score will place you anywhere between Level I to Level III. For a full breakdown of each of the three CCSS levels, peruse the below table:

CCSS Levels Overview

Level I: Level I CCSS security is achieved when the external audit finds that most risks to the system’s information assets have been addressed via the implementation of controls that meet industry guidelines.  Although Level I is the lowest level, organizations that receive this score are still regarded as having strong cryptocurrency security measures in place.

Level II: Level II CCSS security is achieved when the external audit finds that the organization has implemented strong levels of cryptocurrency security along with efforts to implement enhanced controls over their information system’s assets.  The organization most likely is also taking cryptocurrency to the next level in developing a decentralized system that may feature multiple signatures for each transaction. CCSS Industry guidelines are being followed with the organization taking measures to ensure that the assets do not become compromised.

Level III: Level III CCSS security is achieved when the external audit finds that the organization has developed enhanced levels of security via the development and implementation of formalized internal policies and procedures.  These policies and procedures are currently adhered to by all those in the organization at all points during the handling of cryptocurrencies. The external audit must find that the organization has also implemented advanced authentication mechanisms that ensure the transparency and authenticity of cryptocurrency data at all times.  Digital assets should be handled and stored in a way that showcases their resiliency in the face of a cybersecurity event.

Since the CCSS aspects are unrelated to general information system cybersecurity best practices, they should not be thought of as being the only solution to information system cybersecurity.  Even though CCSS can be applied to many different areas within your organization, it should still be seen as a supplement to your cybersecurity that can easily overlap with other cybersecurity policies and practices.  

Still, the implementation of these CCSS guidelines allows your organization to operate in a more secure and robust manner, thus giving way to minimal cryptocurrency risks.  Operating at any one of the CCSS Levels can help your organization become more appealing in the eyes of regulators. It can also bolster other processes that make your business more appealing to consumers that perform cryptocurrency transactions through your information system.

Closing Thoughts

As cryptocurrency continues to thrive, challenges will inherently continue to arise, which is why it is more important than ever to keep your current cryptocurrency security standard compliance up to date with ever-changing standards.  With major financial institutions traditionally seeing cryptocurrencies as a fad interest of cyber nerds until recently, you can bet your bottom dollar (or Bitcoin) that wherever there are cryptocurrencies, there is bound to be an opportunity to make a sizable profit.  

Through following the applicable laws of the 10 security aspects of CCSS, your organization can continue to ride the wave of cryptocurrency and safely invest in the future of digital currencies. If you are still having difficulties keeping up with these challenges, seek cyber security solutions immediately.

Original address: https://www.cnblogs.com/dhcn/p/13224006.html