 Welcome to the ITU studio in Geneva. I'm very pleased to be joined in the studio today by Jacques Franco, who is the co-chair of the focus group for digital fiat currency and also chair of the security working group. Jacques, welcome to the studio. Thank you. Now, I'd like to start off by talking a little bit about the main security concerns of digital currencies. You were, when you spent about 20 years in Silicon Valley, you're now a co-chair of the security working group. What are the main security concerns for digital currencies, especially central bank digital currency? Well, certainly all the traditional concerns don't disappear. And perhaps what happens in the money use case, or even the digital fiat currency use case, is that it perhaps needs a lot more confidence of security than one would typically find in other systems that we have today, even in the financial industry systems. Certainly those systems are protected at much higher levels, but the question becomes, does digital fiat currency require even higher levels of protection and higher levels of assurance? Are there things like acceptable loss in this new form of currency? Today, in credit card transactions, there's a built in acceptable loss, and it's just part of doing business. Those kinds of losses would not be tolerated in the money system, or especially in the fiat currency system, because confidence and trust is probably the number one characteristic that is fundamental to adoption of this new form, and if that confidence is lost, it could have dramatic effects on the population. So is this a use case where we cannot tolerate any highly visible breach of some kind? Otherwise, people will lose confidence in this currency, and that could be extremely problematic. What are the key recommendations of the focus group regarding security for central bank digital currency? Well, if you look at the security space, it's one that's evolved over time, and as a result, everything also evolves, standards, controls, and we have, in essence, a very large mixture of things that we have to contend with, and they're generally speaking they're called security controls, and they're in the worded form, and there's lots of frameworks of these controls that we have to deal with, and they're written by different groups, by different levels of expertise in different countries, and it's in words, so there's a loss of clarity, because the words and paragraphs have to be interpreted, validated, verified by auditors and so on, so because security controls are traditionally worded descriptions, basically apply this security to this business value, and it's in the word format, there's a large amount of human effort required to interpret what is required, let alone do it. So one of the things that I believe is missing is something that would solve this visibility, lack of visibility between objectives, regulatory objectives that say, you know, if you can do fiat currency, you must protect it to this level, and the actual controls that you, technologies you put in place to affect those objectives, that very specific technical bottom part and the very sort of objective general top part, there's a lack of clarity between those two layers, and that has resulted in a huge amount of audit and human effort, so one of the recommendations that I've made in this focus group is an innovation that I'm contributing to ITU in the world related to a syntax language that is able to describe the general terms and the highly specific terms under the same architectural construct, which is a single parent tree, so the recommendation is that we have to adopt an architectural model to describe security controls that is unique and unambiguous, so that we can have a higher confidence and assurance that we have protection. I make a clear distinction between security and protection, security delivered is not necessarily protection received, and therefore you have to be able to articulate things quite specifically so that you can measure things quite specifically so that you could articulate a state of security with confidence to those who at the end of the day have to provide the resources to provide more security or at the same level, so you have to be able to communicate effectively to the fiduciary layer that provides the funding for security, that's the amount of security, and then the chief information security officer will implement that and that's in a sense the quality of security, so what gives you protection is a combination of enough security and quality of security to give the protection that you're seeking. And finally, how would the work in the security working group lead to new work in ITUT study groups in your opinion? Well, in this particular case, the deliverables that were submitted through a liaison state were submitted to the Julfiak Currency Focus Group going to study group 17 security, in particular question 14 on DLT security, so this method that I have proposed is being transmitted to a focus group and adopted by one of the key areas of activity, in this case, DLT security, which is critical. Great, okay, well, thanks for coming up. Thank you very much for joining us today and giving us a few insights into the work and hopefully we'll catch up with you again some station in the future. Thank you very much. Thank you. Thank you.