The recent boom in cryptocurrency trading has brought the world’s attention to the blockchain, the driving force behind the Bitcoin phenomenon, and many companies and governments are starting to take notice. Though this technology is best known for authenticating Bitcoin payments, it can also be applied to other areas like content delivery networks, smart grids, and cyber security. If used properly, blockchain has the potential to be a powerful business and governance tool in more ways than one, so it’s important for organizations to be aware of how it can be leveraged to meet organizational goals. Here’s how blockchain might improve upon and effectively work within a traditional network and program security infrastructure to deal with today’s cyber threats.
Blockchain Explained
Released in 2008, Blockchain is an ever-growing database of ledgers in which transactions are verified and recorded chronologically into “blocks” of data. The ledger is completely decentralized and spread across a massive number of computers (nodes) in such a way that no one can alter the data blocks, which are constantly checked for irregularities by each other. Through the process of hashing, all nodes contain a full copy of the ledger, so if one of them is compromised, the others, like white blood cells, will notice that something is wrong and exclude it. Blockchains can be public or private. In a public blockchain, all transactions are traceable to a users address, making it easy to pinpoint transaction records. Cryptographic algorithms generate public and private keys, which are hard to break with current computing power. Public keys allow transactions to be viewed (while keeping the actors anonymous), and private keys allow users to have exclusive access to their information or accounts. Private blockchains, used mostly in the financial sector, allow for greater control over access and verification. In this case, security has a direct relationship to the number of nodes harbored by the network. In whichever context Blockchain is used, its main purpose is to increase security and diminish the trust gap between parties to a transaction. Blockchain was originally developed as part of the Bitcoin protocol, in which “miners” use energy-intensive computing power to verify commercial transactions and record them in the blockchain ledger, being rewarded for their efforts with a consensus protocol that gives access to a certain number of digital currency units. Recognizing what could be one of the groundbreaking information innovations of modern times, many startups, corporations and even governments are beginning to realize the potential of Blockchain to optimize data outcomes, particularly when it comes to information security.
The Growing Acceptance of Blockchain
Users of IBM’s Watson platform – the world’s most powerful business intelligence computing resource – can now manage their data in a private blockchain ledger that’s completely integrated into cloud services. US Federal government agencies – including the Department of Defense, have begun to see Blockchain as a safe and effective cyber security solution. Defense industry giants Lockheed Martin have partnered with Guardtime Federal to incorporate Blockchain as part of their security approach, aiming to achieve “more efficient and secure software development and supply chain risk management.” For Lockheed VP Ron Bessire, “these new cyber security approaches will enhance data integrity, speed problem discovery, and mitigation.” According to consulting firm Deloitte, Blockchain solutions are being increasingly used as a shield against data breaches, with the financial industry alone already investing over $1 billion. The Edward Snowden saga exposed how vulnerable metadata can be to interception and surveillance. The network security company Obsidian is using blockchain to secure their users’ metadata to improve upon the end-to-end encryption of traditional messaging channels like WhatsApp and iMessage. In the fight against DDoS attacks, Blockchain’s decentralized nature can make a DNS less vulnerable to hackers by distributing content among many different nodes. With the use of distributed public key infrastructure to authenticate devices and users through specific SSL certificates (that are nearly impossible to fake), passwords themselves might become redundant in the authentication process.
Vulnerabilities and Risk Factors
The Blockchain consensus model requires that a majority (51%) of nodes within public and private blockchains agree that a transaction is valid before it can go through, greatly increasing the chance of detecting an anomaly in the system such as a rapid increase in transactions from one of the nodes. In 2014 however, the Ghash.io mining pool (a large group of miners) inadvertently took control of 51% of Bitcoin’s processing power, giving it the theoretical ability to, for example, buy coins and then erase records of the transaction. This could have brought down the system, had Ghash abused its temporary superpowers. A 2016 attack against smart contracts in Ethereum caused the network to slow down by hampering the creation of blocks and transaction verification. This has been addressed with the creation of a hard fork (general system update accepted by all nodes). Investors have lost a large sum of cryptocurrency through the hacking of exchanges and digital banks, but these thefts have been the result of security flaws in the host site rather than within Blockchain itself. Blockchain users, particularly cryptocurrency investors who deal in large volumes, tend to have encrypted physical devices as private keys (usually crypto wallets or old cell phones) to protect their coins from hacker attacks against virtual wallets. This is the equivalent of hiding cash under a mattress, an ironic situation that brings the evolution of money storage full circle. Losing a private key means permanently losing access to your account. While the blockchain process itself is nearly impossible to disrupt from the outside, hackers have focused on vulnerable endpoints such as storage locations. Using multiple devices to access Blockchain accounts also increases the risk of private key theft and should be avoided, though companies like Filament, who announced the creation a chip that enables devices to work with multiple blockchain technologies, are working to make this habit safer. Other companies like Edge focus on encrypting data before it’s left the device, significantly lowering vulnerability during the verification process.
Looking to the Future
The Blockchain job market grew by 200% in 2017 with job listings increasing by as much as 115%. On freelance platform UpWork, Blockchain developers ranked second in terms of fastest-growing jobs, with demand doubling over this time period. Annual median income in the U.S. stood at $130,000, with hourly rates of up to $150 for contractors. On average, blockchain developers command salaries more than 20% higher than software development generalists. The rapid rise in demand for blockchain specialists is in tune with the increased popularity and perceived importance of blockchain technology across multiple industries. Needless to say that as organizations begin to incorporate Blockchain into their business models, their toughest challenge will be finding the necessary talent. Since this technology has only been around for a decade, skilled professionals are still scarce and generally congregate in major tech hubs and financial centers like Silicon Valley, San Francisco and New York City, though emerging IT centers like Austin and Charlotte are becoming increasingly attractive to skilled pros for their relatively low cost of living and high quality of life. As more businesses become aware of Blockchain’s potential as a compliment to traditional cyber security methods and best practices, this market will become increasingly lucrative both for the professionals who chose to specialize in this field and for the businesses and entrepreneurs willing to brave what’s still relatively uncharted territory for the tech industry at large. Firewalls, VPN’s and more established cyber security jobs will remain as indispensable as ever, but adding Blockchain to the mix can enhance trust, safety, and efficiency of a company’s information security infrastructure.