Blockchain is an emerging way for businesses, industries, and public organizations to make and verify transactions almost instantaneously, with benefits that range from streamlining business processes and saving money to reducing the potential for fraud. At its core, a blockchain is a data structure that’s used to create a digital transaction ledger that, instead of resting with a single provider, is shared among a distributed network of computers.
Blockchain has the potential to help us build new solutions that will fix difficult business problems. Think of anything from collateral management or crowdfunding within the financial sector to prescription sharing or DNA sequencing within the health care industry.
Here are some of the ways you could take advantage of blockchain within your own industry:
Financial: Redesign costly legacy workflows, improve liquidity, and free up capital. Help reduce infrastructure costs, increase transparency, reduce fraud, and improve execution and settlement times.
Health Care: Remove third-party verifiers such as health information exchanges by directly linking patient records to clinical and financial stakeholders. Provide fast, secure authenticated access to personal medical records across health care organizations and geographies.
Government: Increase transparency and traceability of how money is spent. Track asset registration, like vehicles. Reduce fraud and operational costs.
Retail and Manufacturing: Improve supply chain management, smart contract platforms, and digital currencies, and tighten cybersecurity.
How Can Blockchain Be Made More Secure and Resilient?
The underlying foundation and architecture of blockchain have been repeatedly examined by industry participants. These are not fundamentally flawed, but there are lessons to be learned from known blockchain incidents, as well as from other traditional and emerging technologies, to make sure your blockchain solution is secure and resilient.
Some of those risks include:
Cryptographic key theft. The cryptographic private key to a blockchain network is like the key to a bank safe. An attacker could gain access to one of these private keys and make fraudulent transactions, including fund withdrawals.
Consensus overrides. Blockchain networks are powerful because they are meant to use consensus-driven decision making rather than rely on one centralized entity. A large group of attackers could access the platform and create a fake “consensus” among users on a particular transaction that only benefits themselves.
Anonymity. Members of a public blockchain can hide their identity, making it difficult to find those transacting on it, including any malicious attackers.
Poor implementation. Blockchain is still in its infancy, and, as with any emerging technology, lack of rigor can create vulnerabilities in the implementation, particularly in the software code (e.g., smart contracts) that services the blockchain. Since blockchain is meant to hold value or currency in a digital format, the software around the blockchain provides an attractive attack surface for hackers.
Framework category and sample leading practices:
Cryptography, key management and tokenization – consider using cold storage (i.e., no access to the Internet) for private keys that are not required for day-to-day transactions; ensure production private keys are not used or accessed during testing; maintain detailed access logs for all those with access to private keys, including any attempts to read private keys; consider using a multi-signature format to prevent inappropriate or unauthorized use of private keys.
Chain permissions management and privacy – ensure all users of the blockchain network (particularly for a private chain) have proper security measures to prevent unauthorized transactions; ensure there is the ability to trace encrypted addresses to identify the actual user.
Consensus mechanism and network management – ensure blockchain network nodes have the configurable ability to halt broadcast or acceptance of data from other nodes during incidents; identify unique metadata to include during handshakes to avoid consensus with compromised or incompatible nodes.
Data management and segregation (on-chain and off-chain) – establish rules for “off chain” or separate transactions, such as when and where they can be made; ensure metadata included in blockchain transactions is encrypted as required and only accessible to appropriate participants.
Governance, risk, and compliance – ensure the governance model for hard forks (and other Low Frequency High Impact, or LFHI, scenarios) is agreed ahead of time.
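The key-management practices above (no production keys in testing, access logs that include read attempts) can be checked mechanically. The following is an added example, not code from the original article: the log format, the key names, the "prod-" naming convention and the AUTHORIZED allow-list are all assumptions, and the sample log is constructed.

```python
# Constructed sample log. Assumed (hypothetical) format, one event per line:
#   timestamp actor environment key_id action result
SAMPLE_LOG = """\
2024-01-10T09:00:01Z svc-signer prod prod-hot-01 sign ok
2024-01-10T09:02:13Z alice test prod-hot-01 read ok
2024-01-10T09:05:40Z bob prod prod-cold-01 read denied
2024-01-10T09:05:44Z bob prod prod-cold-01 read denied
2024-01-10T09:07:02Z ci-runner test test-key-07 sign ok
malformed line
"""

# Hypothetical allow-list: which actors may touch which key.
AUTHORIZED = {
    "prod-hot-01": {"svc-signer"},
    "prod-cold-01": {"custodian"},
    "test-key-07": {"ci-runner", "alice"},
}


def audit(log_text, authorized=AUTHORIZED):
    """Return (line_number, finding) pairs for events that need review."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 6:
            # A gap in the audit trail is itself worth reviewing.
            findings.append((lineno, "unparseable"))
            continue
        _ts, actor, env, key_id, action, result = fields
        # Assumption: production keys are recognisable by a "prod-" prefix.
        if key_id.startswith("prod-") and env != "prod":
            findings.append((lineno, "prod-key-outside-prod"))
        # Unknown keys have no authorized actors, so they are always flagged.
        if actor not in authorized.get(key_id, set()):
            findings.append((lineno, "unauthorized-actor"))
        # Failed reads are logged too, and repeated ones stand out.
        if action == "read" and result == "denied":
            findings.append((lineno, "denied-read"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_LOG):
        print(f"line {lineno}: {finding}")
```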
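The consensus and network management practice above, a node that can halt data exchange during an incident and that checks handshake metadata before admitting a peer, might look like the sketch below. It is an added example, not code from the original article or from any blockchain platform; the metadata fields (chain_id, genesis_hash, protocol_version) and all class and method names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NetworkIdentity:
    # Hypothetical handshake metadata; real platforms define their own fields.
    chain_id: str
    genesis_hash: str
    protocol_version: int


class Node:
    def __init__(self, identity: NetworkIdentity, min_protocol_version: int):
        self.identity = identity
        self.min_protocol_version = min_protocol_version
        self.halted = False  # incident switch set by the operator
        self.peers = set()

    def halt(self) -> None:
        """Stop accepting and broadcasting data, and stop admitting peers."""
        self.halted = True

    def resume(self) -> None:
        self.halted = False

    def admit_peer(self, peer_id: str, hello: dict) -> tuple[bool, str]:
        """Check a peer's handshake metadata against this node's network."""
        if self.halted:
            return False, "node halted"
        if hello.get("chain_id") != self.identity.chain_id:
            return False, "chain_id mismatch"
        if hello.get("genesis_hash") != self.identity.genesis_hash:
            return False, "genesis_hash mismatch"
        version = hello.get("protocol_version")
        if not isinstance(version, int) or version < self.min_protocol_version:
            return False, "protocol_version unsupported"
        self.peers.add(peer_id)
        return True, "ok"

    def accept_data(self, peer_id: str) -> bool:
        """Accept data only from admitted peers, and never while halted."""
        return not self.halted and peer_id in self.peers

    def broadcast_targets(self) -> list[str]:
        """Peers that would receive a broadcast; empty while halted."""
        return [] if self.halted else sorted(self.peers)
```

Matching metadata shows that a peer is compatible, not that it is trustworthy, so this check assumes peers are authenticated separately (for example with mutually authenticated TLS).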
Blockchain has clearly created intense interest. As more implementations move from proof of concept to production, we believe that security and resilience will start to steer use cases and even influence adoption. By analyzing lessons learned from recent examples of blockchain-related incidents and by recasting decades of prior technology delivery experience, organizations can be better equipped to implement secure and resilient solutions around blockchain.