You are here

December 19, 2018

Every new technology emerging on the federal scene rides a wave of hype followed by a period of letdown or disillusionment, and blockchain is no exception in following this pattern.  If you believe the air is out of the blockchain balloon, it’s worth taking another look as the hype fades and real work begins.

Blockchain is not a silver bullet. It won’t solve all your security needs by itself. But integrated into a larger solution which boasts a hygienic security posture, blockchain’s distributed ledger technology can be a valuable tool for establishing a trusted, immutable record of transactions and exchanges.

The time has come for theoretical discussion about blockchain and distributed ledger technology to cede to implementation for real use cases and gathering lessons from initial experiences. Here are some areas where blockchain currently promises to be most effective:

  • Supply chains and asset management. Consider the case of an aircraft engine that moves from manufacturer, to middleman, to warehouses and finally installed on a combat jet. Months later, a problem occurs, and investigators want to rewind the clock to understand the provenance of the engine and how it came to be installed on that plane at a given time. Any defect could have implications for other engines on other aircraft. Blockchain could be used to create an immutable record of where that engine was – and trace that provenance back all the way to components, raw materials and changes made along the way.
  • Evidence. Like in the supply chain example above, police agencies and courts have to demonstrate a clear chain of custody for evidence introduced at trial. Blockchain can help ensure the integrity of that chain of custody, imbuing a sense of trust in the evidence and the court proceedings.
  • Medicine. As the cost of prescription medications rise, we’ve seen a corresponding rise in counterfeit medications, some of which have proven deadly. Blockchain could provide a means of ensuring the provenance of high-end prescription medications.
  • Smart Contracts. In contracting situations, parties depend on trust to reach a conclusion. For example, the government will pay for a product once it is delivered. Blockchain-based smart contracts can act as unbiased escrow holders awaiting transaction completion data via “oracles” (APIs) that trigger an action. For example: when the agency signs for delivery, payment is released.
  • Identity and access management for sensitive applications. Blockchain wouldn’t make sense for routine login activity, but there are circumstances in defense or intelligence where it’s really vital. For instance, blockchain can be used to verify the legitimacy of an information source, such as before sharing classified information or perhaps before engaging a target. Critical situations may leverage blockchain in conjunction with biometrics and multi-factor authentication.

In thinking about these scenarios, it’s important to recognize that blockchain is best viewed as a component of an overall solution, not a stand-alone answer.

Take that battlefield situation, for example. Adversaries will be trying to crack your network. They may already be inside with stolen credentials. So relying on a message from a single individual’s account to engage a sensitive target is risky, and you want some way to verify legitimacy before certain kinds of orders are executed or delivered. Blockchain could help by providing a verification mechanism: When a commander sends an order, other nodes on the network must verify the commander’s identity before the message can trigger highly sensitive actions.

Similarly, blockchain could be used to ensure the legitimacy of software code to make sure it hasn’t been hacked or altered. It could be used to ensure the integrity of 3D printing files to verify they haven’t been compromised. Blockchain could even be used as part of a security mechanism in securing large files in the cloud, where blockchain holds the key to reassembling data that has been “sharded,” or broken into many little pieces, as a security measure.

Each of these use cases leverages blockchain’s inherent capacity to build trust through a verifiable, unchangeable record. In the information age, those capabilities will only grow more valuable as our view and vision of cybersecurity evolves. 

In 2014, a government agency suffered a massive breach. At first, the principal worry was the volume of information that had been compromised. Then came a potentially larger worry: What if fake data had been added, and false information had been created?

The future of cybersecurity isn’t phishing attacks and network penetration – its information warfare and the threat of fake and manipulated data. Blockchain won’t solve that problem by itself. But its reactive and proactive attributes could make it a significant piece of the answer.