Blockchain technology can offer important cybersecurity benefits, such as reducing cyberattacks, and it has recently created a lot of hype as a panacea for all the current challenges related to information security.
Blockchain can provide a strong and effective solution for securing networked ledgers. However, it does not guarantee the security of individual participants or eliminate the need to follow other cybersecurity best practices. Blockchain applications depend on external data or other at-risk resources; thus, blockchain cannot be a panacea. The blockchain implementation code and the environments in which the blockchain technology runs must be checked for cyber vulnerabilities.
Blockchain technology provides stronger transactional security than traditional, centralized computing services for a secured networked transaction ledger. For example, say I use distributed ledger technology (DLT), an intrinsic blockchain feature, while creating my blockchain-based application. DLT increases cyberresiliency because it creates a situation where there is no single point of contact. In the DLT, an attack on one or a small number of participants does not affect other nodes. Thus, DLT helps maintain transparency and availability and allows transactions to continue. Another advantage of DLT is that endpoint vulnerabilities are addressed.
Blockchain technology depends on communication across a network of nodes. Disrupting node communications, or disseminating or accepting false information to confirm fake transactions, may compromise the network. Hence, communication across the network of nodes is very important when deploying blockchain for security reasons.
Solution architects should consider various risk management strategies when designing any blockchain application, as with any new technology. They should conduct thorough, upfront due diligence and negotiate contractual protections with other participants, in addition to implementing continuous monitoring for security incidents, and consider obtaining appropriate cyber insurance, if available.
Coding bugs often cause vulnerabilities that are continuously exploited by hackers in blockchain-based smart contract projects. Experienced developers and continuous project audits can help avoid these types of errors.
External data sources fall outside of a blockchain application’s network consensus validation mechanism. Blockchain networks and stakeholders in the end-to-end transactions must take steps to monitor and ensure data reliability because these elements may be more susceptible to tampering or other malicious actions. Hackers may be able to compromise a project at this layer.
When discussing the use of blockchain technology for cybersecurity, it is important to understand that blockchain applications are like any other computer system. They can be vulnerable to software coding errors, which can introduce cyberrisk.
Blockchain applications also run on general-purpose operating systems and platforms. These can be subject to known hardware and software vulnerabilities. Therefore, when deploying blockchain as a cybersecurity measure, organizations should treat these environments like their other critical business computing resources. They should follow generally accepted cybersecurity practices for blockchain applications. Identifying and managing known vulnerabilities is a core element of any reasonable cybersecurity program.
User interaction with blockchain applications can often be a gateway for cyberattacks. The best example of this is cryptocurrency thefts. These involve exploiting vulnerabilities in connected systems. Thus, end-user vulnerabilities, which enable attackers to infiltrate and compromise even the most secure private blockchains by impersonating authorized users, must be addressed.
Blockchain has intrinsic features of immutability, transparency and DLT, which can help solve current cybersecurity issues. These blockchain features help manage the confidentiality, integrity and availability of information. However, blockchain applications do not work in a silo; they run on operating systems like other applications. They also work in a layered system with frontend application programming interfaces (APIs) and backend database systems. It is necessary to consider the vulnerabilities at all these layers while planning to deploy blockchain for security reasons.
Editor’s note: For further insights on this topic, read Neeraj Benjamin’s recent Journal article, “How Effective Is Blockchain in Cybersecurity?” ISACA Journal, volume 4, 2021.