What Blockchain Can – and Can’t – Do for Government IT Security

Federal agencies looking for new ways to protect their sensitive data from the bad guys see tremendous potential in an up-and-coming encryption platform that was born in the legally murky world of Bitcoin. That platform is blockchain, and whereas cryptocurrency users have relied on it to facilitate currency swaps and purchases in maximum privacy, many U.S. government officials look forward to using it to make their agencies’ records databases more hacker-resistant than is possible with conventional IT data-management tools and firewalls.

New broke last week that the Air Force has just issued a contract to SIMBA Chain, a cloud-based blockchain platform, to help manage Air Force logistics and supply-chain activities across the globe. While the Air Force and SIMBA are keeping details of the contract close to the vest, there’s no question that protecting Air Force assets from newly emerging cyber-threats is a major motivator driving it.

“Blockchain technology can securely connect the Industrial Internet of Things,” stated SIMBA in a press release announcing the new contract. And in 2016, in the runup to the contract discussions, a research report by U.S. Air Force Major Neil Barnas specifically called for developing blockchain in order to keep ahead of the hackers: “The ability of the USAF (Air Force) to prevail in the highly contested environment of 2040 will be dictated by its ability to defend cyber-enabled systems, and the data within them, from compromise and manipulation.”

The Department of Homeland Security is financing pilot tests of another blockchain application that will secure data that U.S. Customs and Border Protection receives from its cameras and sensors along the U.S.-Mexico border. And when Congress passed its latest National Defense Authorization bill for fiscal-year 2018, the bill included a provision directing the Department of Defense to study blockchain’s cybersecurity applications and brief Congress later this year on what it found.

What is Blockchain?

Blockchain is a type of digital database that creates multiple—possibly hundreds or even thousands—of copies of the database across any number of computers, called “nodes,” which continuously interface with each other to compare each one’s stored copy and make sure all copies match.

And that’s not so easy to do, because all of a blockchain network’s computers interconnect and constantly check each other. If any slight change occurs to any one’s database copy—whether it’s a legitimate update by the system’s rightful operators, or an unwanted hack—all of them instantaneously know. They’ll act in unison to vet the alteration and determine if it’s legit. If it is, they update all of their copies accordingly, while a subset of the nodes create a “block” of data that records the just-approved transaction. This block gets a unique digital signature authenticating it and then gets added to an ever-growing, totally encrypted chain of stored blocks, e.g., a block-chain.

This whole setup may sound unwieldy, but it’s actually profoundly more secure than conventional data storage, which houses the data in one database in one location. Because whereas a hacker need only crack one database’s defenses to sabotage a conventionally stored set of data, he or she would have to infiltrate each and every one of a blockchain’s database copies to cause it any real harm.

Blockchain is wholly decentralized, and that decentralization is its strength.

Note of Caution

Let’s make clear, however: No system devised by humans is 100% secure. Not even a blockchain. Data breaches and malware attacks can and do occur on blockchain networks.

Just ask Ethereum, a nongovernmental cryptocurrency system built on blockchain. It suffered a cyberattack in 2016 that resulted in the theft of $80 million worth of virtual money.

IT analysts have found a multitude of other vulnerabilities since then within other blockchain platforms. Many of these systems have weak privacy protection measures, and special packages of malicious code can cause leakage of cryptographic keys and other sensitive data, according to a February 2018 paper by Hong Kong Polytechnic University researchers. Hackers can also launch “eclipse attacks” that fool one or more nodes into approving fake transactions and thereby disrupt node-to-node communications across the network, according to Mike Orcutt in a recent Technology Review commentary.

The security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can get messy,” Orcutt writes.

Other experts warn that breakthroughs in quantum computing and other niche areas could give hackers new, more-powerful tools for breaking into blockchains. A quantum computer can solve more data problems simultaneously than a conventional computer, and in a hacker’s hands, it could be a means to quickly decipher and unravel a blockchain network’s protective encryption codes, warned Arthur Herman, a Hudson Institute senior fellow, in an October 2018 Forbes article.

Final Analysis of blockchain in the government

Of course, IT innovation doesn’t just benefit hackers. Cybersecurity professionals developing and overseeing blockchain networks can utilize new program innovations as they emerge for the good of their networks and users. And they must. Whatever change blockchain platforms bring to information technology and data management, the need to stay ahead of the bad guys will stay very much the same. Blockchain platforms, just like conventional ones, will need continuous updates and system improvements, and round-the-clock human vigilance.

Those who praise blockchain as a boon for security are not selling hype. The technology is arguably a very effective tool. But it will need ongoing re-tooling and upgrading if it is to serve its purposes.

Be the first to comment

Leave a Reply

Your email address will not be published.


*