How do organisations get to apply Blockchain to secure assets? Does it have to be implemented in a big approach, baby steps, or follow a middle ground to allow organisations to adapt and understand the technology quickly?
Blockchain is a secure, immutable, decentralised ledger that can be used to keep track of assets. There are different types of blockchains for different use cases, so organisations must first analyse the problem they are trying to solve in order to be able to apply blockchain type accordingly. Ultimately, however, the cryptographic properties of Blockchain ensure data security as it means the technology can securely store, track changes and manage assets.
In terms of implementation, a blockchain solution does not have to be executed in a big approach because immediate changes in the infrastructure can pose significant risks to the organisation. For example, if an organisational wide implementation approach is adopted and the solution is not accepted or fails to achieve the expected outcome, that would represent a considerable waste of resources as the organisation would have to roll back all the services and transactions which were affected. This could result in business disruption and monetary loss. The recommended approach is to implement blockchain step by step and incrementally integrate it into existing infrastructure.
The decentralised nature of Blockchain makes it a peer-to-peer technology, and it requires specific expertise to fully understand and operate it. Because of this, it will be imperative for any organisation applying blockchain technology to give training to its employees.
What is causing a delay in adopting Blockchain in the Energy sector? The old infrastructure, the way systems are designed, less expert resources, or broad resistance due to lack of understanding of the technology?
In my opinion, there are multiple factors that are causing the delay in the take up of blockchain technologies in the energy sector with one of the main being the lack of understanding of the technology as mentioned. Large-scale adoption in the energy sector will require highly skilled and qualified personnel. Because of the ever-evolving nature of technology, only a limited number of people currently have the skills to support it. As it is still in its infancy, the technology heavily depends on coding new algorithms, which is prone to errors. Though as the understanding of how to apply the technology to large-scale applications grows and the technology develops, there is likely to be more rapid uptake in the Energy sector.
Secondly, blockchain systems demand higher developmental costs, but, in many cases, they might not have competitive advantages against already existing infrastructure. For instance: Energy transactions are recorded in conventional databases. These solutions are largely available, currently faster, and less costly to operate as compared to blockchain systems. In addition, old infrastructure is not compatible with blockchain infrastructure, and peer-to-peer technology requires more resources, such as workstations and servers with higher specifications, which also makes it costlier.
Finally, in a distributed system architecture, it remains unclear who has the technical or legal responsibility in the case of any negative consequences. Therefore, if there is an attack due to hardware or software bugs, there is no central authority to which consumers can address their complaints in the same way they can in current practice.
As a Cybersecurity Leader, where do you start to look for Blockchain to address typical challenges (is there some prioritised list approach and steps to apply in such a situation?)
Based on my experience, there is a prioritised list approach to apply in mitigating cyber security risk, which includes analysing the threats faced by an organisation and applying a blockchain technology decision tree to:
- Address the data integrity-related challenges
- Address the trust and transparency-related challenges in sharing information
- Address confidentiality-related issues using permissioned Blockchain
What are blockchain security properties?
For me, there are some main security properties of Blockchain. The decentralised infrastructure, consensus mechanism, and cryptographic properties.
Blockchain’s decentralised nature means that a single node failure will not affect the entire network, so the network’s availability will not be compromised.
The consensus mechanism refers to the process of allowing a network of nodes to agree on action before it is carried out on the Blockchain. While in a centralised database, data can be corrupted or altered. This means that an admin in the system can easily amend or corrupt data. With Blockchain, however, data cannot be modified until a consensus is reached to verify transactions. In other words, users need to agree on an action or course of action before data can be amended. In this way, applying Blockchain to cybersecurity in areas such as decentralised voting, health, and scientific data collaboration, can ensure data integrity as the data is not easily altered or corruptible.
Blockchain cryptography refers to the nature of Blockchain to anonymise data to protect transaction information. Blockchain hashing can help authenticate software updates, which is a good cybersecurity practice due to the proliferation of malicious updates that can allow hackers to access networks or devices.
As a Cyber Security leader, what will be your motivation for implementing a blockchain solution use cases in the energy industry?
At GISEC 2022, I explained the primary motivations, from my perspective, for implementing blockchain technology in security, which are transparency, reliability, and integrity. If we look at the primary components of information security, which are called the Confidentiality, Integrity, and Availability or CIA triad, we see that blockchain technology aligns with these.
If we look at the energy sector, IoT devices are being increasingly utilised to improve data analytics and process monitoring on sites. These devices come with security challenges, such as lack of encryption, incorrect access controls, and insufficient privacy protections. As a result of these, they are prone to cyber-attacks. Blockchain can be used to create a secured network by assigning an individual blockchain ID to each IoT device. Due to the properties of Blockchain previously mentioned, namely its cryptographic properties and the decentralised nature of the network, authentication can take place reliably without compromising data integrity.
There are various real-life examples of how cyber-attacks have disrupted the energy sectors in history. For example, On December 23, 2015, Ukraine’s power grid was hacked, resulting in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. In this example, the utilisation of Blockchain could have reduced the impact of the attacks as Blockchain’s decentralised nature, which means that a single node failure will not affect the entire network, so the network’s availability may not have been compromised.
How could Blockchain’s advantage of anonymousness strengthen collaboration between nation-states and private enterprises to share detected attack vectors and early threats?
Blockchain is pseudo-anonymous in nature, which means that though the identity of the person making a transaction is not exposed, still all the transactions he is making can be linked to the same pseudonymous identity. This characteristic of blockchain technology can primarily help to strengthen collaboration between nation-states and private enterprises to share detected attack vectors and early threats.
Private enterprises and nation-state members can collaborate on a large scale to anonymously share detected attack vectors, early threats, corruption, or any law violation. At the same time, the authenticity of the information can be improved by integrating multi-signatures. Cryptographic methods can be applied to further authenticate the message sent by authorised entities and not tampered with by malicious attackers.
Additionally, due to this anonymity, private enterprises or any member will be free of fears or threats. This will improve the overall security and peace of nation-states and allow people of any sector to raise their voices in cases of wrongdoing. With this collaboration, the state can also prepare to handle situations more efficiently in time. Blockchain provides a shared tamper-proof single source of truth.
An incentive system can also be integrated into this collaboration, encouraging enterprises to fulfil their responsibility and collaboration with the state more effectively.
Blockchain offers excellent reliability, integrity, and trust between the participants of any transactions and stakeholders of any application area. The advantages of blockchain technology are undeniable. However, the introduction of Blockchain into any industry will require massive investment, so in order to avoid the loss of capital or considerable investments in the later stages, it is recommended that organisations implement blockchain technology step by step in their operational environment instead of a sudden 180-degree change in the process model. Additionally, the lack of expertise surrounding the technology means that the coding of new algorithms is prone to errors, however, as the development of new technologies progresses and uptake increases, the accuracy, and effectiveness of Blockchain will improve. In time, blockchain technology will be second to none for organisations facing threats related to the integrity of data, reliability, trust, and transparency issues in their transactions.
This article was originally published in Cyber Sentinel.