Home / Blockchain / What Blockchain can – and can not – do for the information security of the government

What Blockchain can – and can not – do for the information security of the government

Federal agencies looking for new ways to protect their sensitive data from the bad guys see enormous potential in an emerging cryptographic platform born in the legally obscure world of Bitcoin. That platform is blockchain and while cryptocurrency users have relied on it to facilitate currency swaps and purchases in maximum privacy, many US government officials do not see the time to use it to make the databases of their agencies more resistant to hackers than is possible with conventional IT data – management tools and firewalls.

Last week the new wave was interrupted that the Air Force has just signed a contract with SIMBA Chain, a cloud-based blockchain platform, to help manage supply chain logistics and operations around the world. While the Air Force and the SIMBA keep the details of the contract near the jacket, there is no doubt that protecting the resources of the Air Force from new emerging cyber threats is one of the main reasons that drive it.

"Blockchain technology can securely connect the industrial Internet of Things," said SIMBA in a press release announcing the new contract. And in 2016, in view of the contractual discussions, a research report by the general of the US Air Force Neil Barnas specifically requested the development of blockchain to keep up with the hackers: "The ability of the USAF (Air Force) to prevail in the highly contested environment of 2040 will be dictated by its ability to defend cyber-enabled systems and data within them, from compromise and manipulation. "

The Department of Homeland Security is funding the pilot test of another blockchain application that will guarantee the data that the US customs and customs protection receives from its cameras and sensors along the border between the United States and Mexico. And when Congress passed its latest law on national defense clearance for the 2018 fiscal year, the bill included a provision that directed the Department of Defense to study Blockchain's cybersecurity applications and a brief Congress at the end of the year on what he found.

What is Blockchain?

Blockchain is a type of digital database that creates more, possibly hundreds or even thousands of copies of the database on any number of computers, called "nodes", which continuously interface each other to compare each stored copy and make sure that all copies meet.

And it's not that easy to do, because all the computers in the blockchain network interconnect and constantly monitor. If there is a slight change to someone's copy of the database, regardless of whether it is a legitimate update by legitimate system operators or unwanted hacking, everyone knows it instantly. They will act in unison to control the alteration and determine if it is legal. If it is, they update all their copies accordingly, while a subset of the nodes creates a "block" of data that records the newly approved transaction. This block obtains a unique digital signature that authenticates it and is then added to a chain of blocks that are continuously growing and fully encrypted, such as a chain of blocks.

The whole configuration may seem cumbersome, but it's actually more secure than traditional data storage, which hosts data in one database in a single location. Because while a hacker only needs to break a database's defenses to sabotage a conventionally stored set of data, he or she should infiltrate each of the database copies of a blockchain to cause real damage.

Blockchain is entirely decentralized and decentralization is its strength.

Attention note

However, we clarify: no system designed by humans is 100% safe. Not even a blockchain. Data breaches and malware attacks can and do occur on blockchain networks.

Just ask Ethereum, a non-governmental cryptocurrency system built on blockchain. He suffered a cyber attack in 2016 which led to the theft of $ 80 million of virtual money.

IT analysts have found a multitude of other vulnerabilities since then on other blockchain platforms. Many of these systems have weak privacy protection measures and special packets of malicious code can cause loss of cryptographic keys and other sensitive data, according to a February 2018 document from researchers at the University of Hong Kong Polytechnic. Hackers can also launch "eclipse attacks" that deceive one or more nodes in the approval of false transactions and thus interrupt node-to-node communications across the network, according to Mike Orcutt in a recent Technology Review comment.

"The security of even the best blockchain systems can fail in places where imaginative mathematical and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can become messy, "writes Orcutt.

Other experts warn that discoveries in quantum computing and other niche areas could offer hackers new and more powerful tools to penetrate blockchain. A quantum computer is able to solve multiple data problems at the same time compared to a conventional computer and, in the hands of a hacker, it could be a way to quickly decipher and reveal the protective cryptographic codes of a blockchain, warned Arthur Herman, a senior colleague of the Hudson Institute, in an October 2018 Forbes article.

Final analysis of the blockchain in the government

Obviously, IT innovation is not just an advantage for hackers. IT security professionals who develop and supervise blockchain networks can use the innovations of new programs as they emerge for the benefit of their networks and users. And they must. Whatever you change blockchain platforms for information technology and data management, the need to keep up with the bad guys will remain the same. Blockchain platforms, just like the conventional ones, will need continuous updates and improvements in the system and human vigilance around the clock.

Those who praise the blockchain as an asset for security are not selling hype. Technology is probably a very effective tool. But it will need continuous re-tooling and updating to serve its purposes.

Source link