To start, let’s look at exactly what Blockchain is and what it can do. There’s been lots of talk around the technology recently. Every security event I have attended in 2016 has referred to this in some way, and all of the experts within the industry have eluded to this being the next big technical breakthrough.
So, the big question, what is Blockchain?
It’s a technology that first found fame through the BitCoin Cryptocurrency payment system, a public ledger to record BitCoin transactions between companies, individuals and systems. Simply put, it’s like the building blocks we played with as children; each transaction creates a record, or a block, which then gets added into a linear, chronological order. Another transaction equals another block. Each of these blocks, contains a time stamp so within the process you can see what happened, who administered it and when it occurred. Every user has a digital signature, or cryptography, to prove their identity so, again, if something abnormal happens within the chain you can quickly turn into Sherlock Holmes, find out who it was and what they were doing. The big benefit of the technology is that nobody has complete control over the records as they are spread across several computers globally, there’s no monopoly of data and all of the users in the network can have a transparent up-to-date ledger. Various industries think this is going to be the new kid on the block; banks see it as the future of financial transactions, even diamond vendors are contemplating using it to sift out blood diamonds, but what’s the potential for Blockchain within the Cyber Security industry. It’s already making waves but it’s not making a Free Willy style splash in the ocean just yet! Maybe 2017 could become the year of Blockchain….
Hopefully, that’s given you a good overview of Blockchain technologies, what it does, how it does it and who’s looking to use it. The main aspect I wanted to explore next with Blockchain was how encryption can help various industries, how it can prevent hacking on sensitive data and information and the companies who are exploring these possibilities.
2016 was, as some would say, the year of the hacker, if there were Oscars given out for this then Ransomware would have taken home quite a few golden statues! With Blockchain and the distributed nature of the data, hacking could be up against a defence that’s stronger than Anthony Joshua’s right hook. No longer would hackers be able to just infiltrate one system, they would have to gain access to every single database simultaneously, and despite how this would be portrayed in Hollywood, it’s going to be much harder to do in the real world. Also, the data within a Blockchain cannot be converted back, it’s a one way process which keeps the blocks being built upon. Therefore if there was a change to the data, the digital signature changes, alerting the entire network and users to the anomaly. Enter Sherlock Holmes who would be able to figure out who made the change, when it was made and why.
There are already a couple of companies who are focussing around Blockchain and encryption technologies. Most notably, in my experience, a company called Guardtime who have helped Estonia to realign a great deal of sensitive data for the country’s occupants. Back in 2007, Estonia experienced their biggest hack, a believed state-sponsored attack (still yet to be confirmed!) that used DDoS attacks to swamp Estonian organisation websites, affecting commercial banks, telecommunication companies and media outlets. Once the entire nation felt the impact, the government decided to do something about it and bring their infrastructure security back up to scratch. Now seen to be one of the leading countries for Cyber Security, Estonian organisations started partnering with Guardtime, helping them to secure sensitive data through their keyless signature infrastructure. Last year they secured 1 million health records for the eHealth Foundation and have been able to provide real-time detection within critical infrastructures.
Security of Blockchain
Clearly, Blockchain can provide encryption, it can help to identify anomalies within a chain network, can alert the users of any malpractice, but can it become the king of security. Along with Blockchain, the next emerging technologies will be Big Data and the Internet of Things. With the increased sharing of data between devices it can only be beneficial to assign digital signatures to every transaction, but will this increase the security of devices and individuals?
With any technology, there’s going to be teething problems, and last year two companies who have been using Blockchain and digital currencies were attacked by hackers with a combined financial loss of £93 million. Odd to think that with that amount of loss people are still saying that Blockchain is going to be the future of security. I suppose with any new technology, there’s new code being written and it’s difficult to initially judge where the flaws are going to pop up. There’s not been years of testing on the code, years of expert knowledge saying when and where the vulnerabilities are going to occur. Let’s think of aeroplanes, originally seen as death traps (my Nan still won’t get on one!) but with the increased testing, they are more safe than ever. Maybe the same will happen with Blockchain.
What can be said is that the principles are all there, the technology, the rational, the building blocks (no pun intended!) are all in place to make Blockchain the Godfather of security protocol. From my point of view, there’s always going to be new ways of increasing security, new ideas and new technology. It all comes back from the same debate, process vs people. I’m pretty sure we will hear a story in the news of someone who shares their digital signature with a colleague, and then gets hacked. Or a phishing scam designed to ask people for their digital signature verification. It’s all about educating people to follow the processes rather than relying on technology to do all the work for them.