Can blockchain be a revolutionary technology in the world of cybersecurity?
Increasing digitalization and computational power have paved the way for the use of blockchain. There is a plethora of uses of these technologies for individuals, companies, and state actors; however, the fundamental technology employed is the same. Besides being a revolutionary technical innovation, blockchain technologies have been seen as a promising breakthrough in the realm of cybersecurity and in particular data protection: cybersecurity is relevant for companies and state actors, but also for individuals seeking to protect their personal data. Recently, an increasing number of cyber-attacks of different types and scales has brought into the spotlight a need for stronger cybersecurity. The development of legislation, including the General Data Protection Regulation (GDPR) in Europe and the Data Protection Act in the US, is a step toward addressing the issue. Further efforts are also needed on the technology side, to see to what extent blockchain technologies can address the increasing cybersecurity concerns. At this point, it is rather well established that these technologies have irrefutable strengths, stemming most importantly from their decentralized nature, immutability, and encryption. However, like any other Information Computer Technologies (ICT), blockchain has vulnerabilities, caused by user errors as well as limitations of the technology itself.
This article will discuss both the benefits and drawbacks of blockchain technologies within the realm of cybersecurity. The first half of the piece will cover the qualities of the technologies that make them a suitable candidate for use in this domain: their decentralization, immutability, and encryption. The latter half will assess the potential shortcomings of the technologies, in terms of both their users and their capabilities.
The lack of a centralized entity having control over blockchain is a major benefit in its use. By spreading the technology out over a large number of nodes that validate its activity, it is possible to prevent the occurrence of a single point of failure (SPOF). If a node stops functioning, possibly due to a hardware failure, the network relies on its other nodes, running on other hardware, to validate the transaction. The lack of centralized management allows access to the ledger no matter the geographical location or hardware being used. Without pressures from a central entity, these technologies are not bound or impacted by ideological pressures. Cybersecurity remains apolitical to ensure that security is not compromised as a part of either domestic or foreign policy. This high level of transparency does not allow for anything to be hidden, as it can be validated and verified by everyone. However, the decentralized qualities of blockchain do have some drawbacks. Without a central organization, it is not possible to create standards and regulations for the key providers. This could present problems in terms of ease of use, thus increasing the number of scams for unknowledgeable users. Moreover, this may present issues in terms of data protection due to the scope of the GDPR and other legal frameworks.
Another quality of blockchain that helps address issues related to cybersecurity is its immutability. Blockchain’s vulnerabilities occur when malicious actors are able to modify data contained in 51% of nodes. When this occurs, hackers are able to change the content of the ledger: the collection of blocks of data. This problem has in part been dealt with by using a variety of consensus protocols that ensure that the information being stated by the nodes is validated in a standardized way. This incorruptibility of information plays a large role in cybersecurity, as hackers seeking to change the ledger cannot do so without incurring massive costs. As such, blockchain technology presents itself as an appealing immutable and transparent store of data. Moreover, this quality could prove to be beneficial in terms of ensuring that parties conduct themselves transparently. However, this immutability also has drawbacks to the extent that it does not allow for revisions to the ledger. Not being able to update the information could prove an issue, particularly in terms of data protection, which concerns the ability to revise and, more importantly, remove information.
As blockchain was formed to be a public ledger, encryption is not a part of its nature. However, for the realm of cybersecurity, the ability to encrypt the data within the immutable store is appealing. Encrypting the data on the blockchain would negate the need for keeping the information secure; ensuring that malicious actors cannot use the data is easier than attempting to prevent access to the data. Moreover, a private blockchain could be used and no encryption would be needed. This could in essence be done by swapping out a public key with a private one for accessing the ledger. This could be used in the vein of the ‘zero trust’ model, by which identification is needed before being able to access the ledger. Furthermore, utilizing this ‘need to know basis’ method for accessing the ledger could reduce the attack surfaces between contractors and main entities, thus limiting the impact and likelihood of supply chain attacks. A Linux group project, Hyperledger, is currently trying to enable companies to exploit these private blockchains to their fullest potential by making them accessible for companies to use on a smaller scale.
The threat of user error plays a large role within blockchain technologies due to their decentralized nature. The lack of a central governing entity means that there are no general practices for service providers. This leaves users liable for their own actions; untrained people may find it difficult to navigate these systems and discern scams. When cyber criminals attempt to break into a system, they often look for the weakest link. In the case of blockchain, in large part, these vulnerabilities stem from user error rather than technological weaknesses. As such, criminals are compelled to target the users of the blockchain technologies to gain access.
There has been a marked rise in the number of scams, particularly against users of cryptocurrency platforms, over recent years. Not only are scams in the names of financial institutions profitable, but gaining illicit access to any personal data can also be beneficial for criminals looking to resell the information on the dark web. These attacks have particularly risen in popularity due to an increase in hybrid working modalities introduced during the COVID pandemic. A rise in the number of people working from home using remote access has increased the potential attack surface for hackers. It is by purchasing passwords obtained through phishing campaigns and other malware that other malicious actors can gain access to the company’s system. These factors seem especially pertinent considering the astronomical rise in popularity of blockchain technologies. For example, in Estonia, blockchain technologies have been adopted for personal identification in governmental systems. As such, blockchain technologies play a role within the most critical parts of society. In this case, user error could have catastrophic impacts, with large amounts of data being available to the malicious actors.
Blockchain also has some limitations for cybersecurity in terms of the technology. Most notably, forensic cybersecurity could be made significantly more difficult. Attack attribution and tracing attackers have become more difficult with a rise in the use of crypto as a payment method for ransomware. Without being able to validate who the owner of the wallet is, it is impossible to find the culprit of the attack. The applicability of blockchain technologies can also be restricted by limiting the ability of smart contracts to be run or altering their intended effects. Denial of Service (DoS) attacks that increase the volume of transactions to exceed the blockchain’s capacity can stop the functioning of smart contracts. These problems do not arise from the technologies of blockchain but rather from their direct applications to the real world. Another limitation of using blockchain technologies is the large amount of energy and computing power required. With the world’s temperature ever rising, it is important to consider the massive environmental impacts of the use of technology. It is pivotal to find a balance between reducing energy consumption and moving forwards in the domain of technology. Notwithstanding, Blockchain as a Service (BaaS) seeks to solve this issue by presenting blockchain solutions on the cloud.
In conclusion, the decentralization, immutability, and encryption of blockchain make it a suitable candidate for addressing issues found in cybersecurity. The technologies do, however, have some limitations in terms of their applications. In addition to the user error that occurs in all IT systems, due to their nature the blockchain technologies could possibly hinder the development of cybersecurity. The full potential of blockchain in the domain of cybersecurity is yet to be discovered. This will require understanding which qualities of the technologies need to be harnessed and focused on when offering cybersecurity solutions. When considering how blockchain can lend itself to cybersecurity, it is pivotal to consider the main goal of reducing the level of harm to a manageable level.