Senior Director, Technical Cyber Threat Intelligence
Ken Dunham brings more than 27 years of business, technical and leadership experience in cyber security, incident response and cyber threat intelligence to his position as senior director of technical cyber threat intelligence for Optiv. In this role, he is responsible for the strategy and technical leadership to mature Optiv’s data integration and innovation of intelligence-based security solutions.
Will Blockchain Change the World?
There has been a lot of hype around “blockchain” these past few months. After attending sessions, discussing it with others, and researching how it is being used, it is apparent that there is a need to clear the air on this emerging topic. Blockchain has been touted as a technology that will take the world by storm and change just about everything we do on computers, but clearly it is not a silver bullet nor is it so universally applicable. It has great potential to offer trusted, traceable, and cost-efficient ledgers and associated actions with some applications of the technology. This two-part blog series focuses on understanding and using blockchain and the associated risks of adopting this new technology.
Introduction to Blockchain
In layman terms, think of blockchain as a public trusted distributed ledger. Transactions in the ledger are grouped together into blocks with each new block attached to a previous block, creating a kind of chain.
Blockchain is an improvement over the previous collections of independently managed ledgers. These standalone ledgers can be tampered with by malicious insiders or by individuals that simply make mistakes in business operations. Blockchain also has the promise of creating streamlined, efficient operations thereby reducing costs by cutting the red tape.
Because of how blockchain is designed the “distributed” component of this technology results in a “public” or transparent ledger. Old school geeks remember, and may still use, Internet Relay Chat (IRC), or similar distributed systems. If a server crashes or “goes down” there are another dozen that are still up and running and capable of load balancing demands until the crashed server is back online.
The second part of our definition is “trusted ledger.” When a transaction takes place, it is verified, and a timestamped cryptographic receipt is created which cannot be altered. The fact that a verified transaction cannot be altered – it is immutable – is key to trusting blockchain. The transaction is protected in part through hashing using secure cryptographic functions within this public distributed ledger system.
Transactions are represented within blockchain as “blocks.” Blocks are added to the blockchain when transactions are grouped into blocks, which can result in a slight processing delay. For example, fruit being harvested in a farmer’s field, all organic non-GMO, can be verified as fruit is harvested and shipped out. During the shipment to market process several additional verifications can take place, such as when it is loaded onto a ship, stored in a warehouse, and delivered to a market. Blockchain enables the entire transaction to be incrementally verified, recorded, and linked together resulting in an efficient trusted ledger of farmer to market transactions.
Blockchain is not Bitcoin
Bitcoin is a non-governmental currency that uses blockchain technology to settle and record transactions. In 2008, Satoshi Nakamoto, a pseudonym for a still unknown author or set of authors, wrote a paper on a peer-to-peer electronic cash system that became bitcoin. While it never uses the word “blockchain,” it clearly identifies an ongoing chain of hash-based proof-of-work. Proof-of-work is a mathematical puzzle used in bitcoin mining to create an immutable ledger for the bitcoin cash system. Blockchain is a secure, distributed ledger technology that happens to be used within the bitcoin cryptocurrency system – they are not the same solution or technology, but are intertwined in their application of bitcoin cryptocurrency.
What is Blockchain Used For?
Applications of blockchain continue to emerge. Corda is a free open-source blockchain technology which helps businesses adopt blockchain. Currently, many companies and individuals are theorizing over how blockchain might help them improve operations, increase trust, or capabilities in challenging environments such as commerce, international funds transfers, burdensome paper trails, and documentation in shipping.
Blockchain, as a trusted ledger, is used to record any type of transaction or data such as contracts, records, and cryptocurrency transactions. A multitude of applications are being discussed, with a snippet of such ideas below organized by sector:
- Financial: Streamline global/cross-border transactions and stocks.
- Non-Profit: Prove that funds donated go to the exact source of interest.
- Entertainment: Digital documentation, tracking, loyalty rewards, proof of purchase.
- Medical: Global database of patient data, prescription use, history of surgeries or medical events.
- Insurance: Efficient contract management and dispute resolution.
- Legal: “Smart Contracts” to automate actions related to contract.
Additional use cases can be viewed by industry and solution at https://www.ibm.com/blockchain/use-cases/.
Early adoption of blockchain is already evident in early 2018. The first real-estate deal using it took place through Reasi in 2018. The Agricultural Bank of China (ABC), which is the largest within the People’s Republic of China (PRC) and 4th largest of its kind globally, issued a loan for a land plot using blockchain technology. This application of blockchain was reportedly implemented to help mitigate the risk of a global economic crisis and was brought about after an incident with a company distributing fake vaccines. Another example is found in Mexico, where blockchain is now being planned for use with public tender utilizing smart contracts.
Ethereum, another form of cryptocurrency developed by a Swiss non-profit, uses blockchain and smart contracts for “smart money, smart wallet.”
“Smart contracts” are an interesting concept being considered for governing operations tied to a contract. For example, terms can be drawn out on payment for current market price for agricultural products which can be automatically processed, with other automated actions such as payment following sale of goods, all recorded within blockchain in conjunction with a smart contract. This author believes it is highly likely that “smart contracts” coupled with blockchain solutions will become one of the more powerful stable solutions of blockchain implementations in the future because of how scripts are developed and automated as part of a commerce orchestration, without the need for a centralized authority or clearinghouse.
Blockchains can be categorized into two types, permissionless and permissioned. Permissionless blockchains, like that used in bitcoin, do not require prior permission to use or create. This makes such a system anonymous which is one of the reasons why it is so popular for monetization and laundering with ransomware fraud. Some solutions, like Monero cryptocurrency, enable anonymization further than many by making it impossible to attribute transactions to a specific wallet. Permissioned blockchains require participants to be known. The two systems have pros and cons for applications of anonymity and privacy, speed and latency, and efficiency and security.
Countries that have already been identified as early adopters of blockchain include Dubai, United Kingdom, Japan, United States, Chile, and Italy, according to the Global Coin Report.
Don Tait, analyst and expert of information for IHS Markit, estimates that blockchain will reach two trillion in business value by 2030 in his “Blockchain Vertical Opportunities Report.” Alan Greenspan, former chairman of the U.S. Federal Reserve, compared bitcoin to that of an early American form of money called “Continental currency” used during the American Revolution, which was not backed by a traditional commodity such as gold. He has projected that bitcoin will suffer a similar fate even though it will be used for a significant share of real goods and services. JPMorgan CEO Jamie Dimon was quoted at a gala event calling bitcoin, which uses blockchain, a “scam” and reportedly stating that governments should move to shut down such cryptocurrencies because of an inability to control them.
Clearly there are strong opinions in the global financial community as to what cryptocurrencies offer. Various controls and regulations are lacking in this emergent market which has many very concerned about accepted risk with such solutions. Currently the Securities and Exchange Commission (SEC) is working to regulate initial coin offering and has named a new Senior Advisor to oversee crypto regulations, Ms. Valeria A. Szcezpanik.
Despite the hype around nascent solutions leveraging blockchain there are a variety of threats and challenges that will change public perception over time, removing the hype. In our next blog, we will discuss weaknesses and threats of blockchain, a subject few are talking about in the early stages of adoption and use of blockchain technology in 2018.