Blockchain: Implications for the Security Professional
We are at peak hype on blockchain, one of the most searched terms on Google. All CEOs and technologists, along with many Uber drivers in New York City, seem to be talking about it.
Blockchain is the generic term for the technology behind bitcoin and other cryptocurrencies. In a nutshell, the blockchain is a real-time database of transactions run by software that instantaneously bundles all prior transactional information, encrypted and stored on a distributed set of computers of participants. The blockchain is made up of sequentially grouped, verified blocks of transactions. Those blocks are chained together, creating a shared record of all information. This establishes trust among unfamiliar or unknown partners.
While somewhat dated as an illustration of the power of the shared distributed record, it is still useful to consider the difference between collaborative tools like Google Docs and the legacy way of writing and revising documents and reports. Typically, a team member would collaborate by sharing documents, sending a document to another team member and asking them to revise it. Team members would then wait because two people can’t be working on the same document at once. With Google Docs, however, many parties can access the same document at the same time, and the single secure version of that document in the cloud is always visible to all of them. Instead of passing documents to each other, losing track of versions and not being in sync with the “latest” version, documents become shared instead of transferred back and forth. All changes to this decentralized document since the genesis of the document are preserved.
Blockchain’s strengths are decentralization, cryptosecurity, transparency and immutability; the technology allows information to be verified and exchanged without having to rely on a third-party authority.
Given these strengths, there are significant opportunities across industries. For example, blockchain can be used to accurately validate user identity, by verifying video content from sources like mobile phones and social media, and the authenticity of network devices. A consortium of large Canadian lenders is beginning to use blockchain to confirm identity, allowing customers to instantly prove who they are to the banks using a blockchain app on their phones and Windows devices. Users are in control of personal information and share details privately for each transaction, rather than going through a central honeypot system that always tempt hackers. J.P. Morgan uses blockchain technology to simplify the payment process, store customers’ information and help prevent money laundering. The company views the application of this technology in business as more important than the technology itself as a way to reduce cost and develop new products. Blockchain can improve security in supply chains as well, still tracked via pieces of paper, archaic spreadsheets and siloed software, and bridge gaps in trust. Every time the product changes hands, the transaction can be documented, creating a permanent history of a product from manufacture to sale. This could dramatically reduce time delays, costs and human error that plague supply chains today. Diamond giant De Beers claims to have successfully traced 100 “high-value” diamonds along the supply chain, from “mine to retail,” through its own blockchain platform.
Maersk, the largest shipping company in the world with almost 20 percent of total global capacity, was hit with the NotPetya cyberattack in 2017, freezing its port operations in multiple countries and resulting in over $300 million in losses. Since then, the company is actively trying to embed blockchain technology in its entire supply chain. In addition to speeding up documentation processes, blockchain allows Maersk and its shipping partners full visibility into shipping records while preventing any parties involved in the shipping process to alter records without consensus.
The Internet of Things (IoT) is becoming more prevalent as industries transition into the age of smart systems to communicate with and control everything from building HVACs to international cargo shipments. The total number of connected IoT sensors and devices is expected to leap from 21 billion this year to 50 billion by 2022, according to recent data. The massive growth in connected devices over the next four years, according to Juniper, is driven mainly by edge computing services, the processing of data away from the cloud and closer ot the source. The hope is that blockchain’s decentralized nature provides a more efficient means of handling the massive amounts of data that will flow through IoT devices. Blockchain could also help prevent man-in-the-middle attacks, wherein perpetrators get in the middle of communications to eavesdrop or impersonate, that threaten to become commonplace.
ABB Wireless has adopted blockchain as a method for delivering decentralized security services for industrial systems in industries such as utilities, oil and gas and transportation. ABB Wireless has pushed security applications and control to edge devices on the mesh network at power utility substations. A blockchain app allows field workers to log into any device, even if the substation is disconnected from a utility’s central data center due to an accident, such as a wildfire.
Despite the hype, blockchain is still a relatively immature technology with a market that is still emerging; however, lack of widespread adoption does not minimize blockchain’s potential. A couple of decades ago, we couldn’t have predicted the iPhone and Netflix streaming. Reformatting, disrupting and creating business ecosystems on the scale that is possible through blockchain will take time, and the extent of that change on society will be akin to the internet itself. And recall my reference to Uber earlier, which is basically a $62 billion central clearinghouse connecting drivers with fares on demand. A former Uber driver frustrated with the company launched a blockchain-based taxi startup that’s being touted as a potential Uber killer and apparently is so popular that it has been turning away drivers in droves.
With criminals and bad state actors constantly finding new ways past legacy security systems, it makes sense for security professionals to start learning more about blockchain and its benefits. Blockchain may not be the answer to everything, but it can play a powerful role in solving some serious issues. Understanding these new concepts and piloting aligned security solutions could have merit and bring real value to the party!
The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association (SIA).