The Bleeding Edge: Blockchain: Love It or Hate It, It’s Here

Author: Dustin Brewer, Senior Director, Emerging Technology and Innovation, ISACA
Date Published: 28 February 2020

I have noticed that the mere mention of the word “blockchain” elicits a myriad of responses among groups of IT security professionals. I find that some individuals roll their eyes, murmuring disapproving phrases such as, “It’s just a glorified database.” Others will go on excited tangents about how much cryptocurrency they own, and there is every reaction in between. Putting aside personal beliefs, technological prejudices, and hopes of retiring early with all the sweet cash to be made in the crypto market, blockchain technology is here, and it is starting to be taken seriously by numerous industries.

Why is this seemingly simplistic and somewhat untested technology beginning to take hold? It is almost impossible to go to an information security conference without seeing at least a few talks on blockchain on the agenda. Questions such as, “How can we use blockchain?” are starting to become more prevalent from upper management and C-suite levels. Before we can answer that question, let’s look at some of the basics.

Blockchain Breakdown

If you have heard the term, but still do not feel like you quite get it, here is a quick example.

Take some data (any data will do) and call them a block. Now, send that block of data through a hashing algorithm. Take the hash digest from the block and put it in the next block of data and hash that data. We have now created a blockchain (figure 1).

This is a bit oversimplified; modern blockchains contain more complex data structures and functionality, such as Ethereum’s capabilities for smart contracts. However, this is a good place to start when trying to understand how blockchain works. We can easily see the benefit of storing data this way. If a person or process were to go back and change even one bit of data within the chain, that block’s hash would change and no longer match the digest carried in the next block, so the change would ripple through every subsequent entry in the chain and could be easily detected and neutralized. Blockchain also creates the capability to quickly check the legitimacy of a copy of the data by looking at the hash of the most recent block. The largest test case for this idea has been implemented with cryptocurrency in a public blockchain.
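The chaining and the two checks described above, as an added example that is not part of the original article. The block layout, the function names, the all-zero first digest and the sample ledger entries are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder digest for the first block


def block_hash(prev_hash: str, data: str) -> str:
    """SHA-256 over the previous block's digest plus this block's data."""
    payload = json.dumps({"prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Each block carries the previous block's digest, then is hashed itself."""
    chain, prev = [], GENESIS_PREV
    for data in records:
        digest = block_hash(prev, data)
        chain.append({"prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain


def first_broken_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        recomputed = block_hash(block["prev"], block["data"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return i
        prev = block["hash"]
    return None


def copy_matches(chain, trusted_head: str) -> bool:
    """A copy is legitimate only if it verifies and ends in the trusted head hash."""
    return bool(chain) and first_broken_block(chain) is None \
        and chain[-1]["hash"] == trusted_head


# Constructed sample ledger entries.
RECORDS = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"]
ledger = build_chain(RECORDS)
trusted_head = ledger[-1]["hash"]

# Case 1: one block edited in place; its stored hash no longer matches.
edited = [dict(b) for b in ledger]
edited[1]["data"] = "bob pays carol 200"

# Case 2: edited and every later hash recomputed. The copy is internally
# consistent, so only the comparison with the trusted head hash exposes it.
rebuilt = build_chain([RECORDS[0], "bob pays carol 200", RECORDS[2]])
```

Case 2 is why the head hash must come from a source the verifier already trusts: a chain that merely verifies against itself says nothing about whether it is the original.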

Public blockchains such as Bitcoin attempt to create trust in a trustless network. In other words, anyone around the world with a computer can join the Bitcoin blockchain and store a full copy of the current ledger on their system (which is about 250,000 MB in size as of the writing of this article¹) and contribute to the ledger. However, the use of private blockchains where the entity using the technology owns all the hardware being used to store, calculate and maintain the chain is beginning to take hold in several industries.

Innovations With Blockchain

Massachusetts General Hospital (USA) is teaming up with Korean startup MediBloc to safely track and distribute patient information within the hospital’s information systems.² If every patient’s diagnoses, procedures, medication dosage, wait time and care provider is stored in a quickly distributed and immutable way, it may be possible to track and even prevent mistakes. This implementation is currently in its testing phase and has not been fully adopted.

Blockchain is being used in the supply chain as well. Walmart Canada and DLT Labs launched a freight and payment network.³ This implementation of blockchain is being used in Walmart Canada’s production environment and keeps track of numerous aspects of the supply chain, including shipping details and account information. The benefit here is keeping track of assets as well as goods and payments within a blockchain.

 

It would be remiss of me not to at least mention blockchain’s usefulness in the financial sector and cryptocurrency. Having an immutable distributed ledger within a financial system has its obvious advantages such as self-auditing and transparency. But adding the ability to execute specific code after a transaction with smart contracts allows the automation of some of the more tedious and overwhelming tasks such as property transactions and insurance claims. And then there is Bitcoin.

The truth is, blockchain technology would not be as talked about without cryptocurrency. With Bitcoin’s current market cap at US$129 billion,⁴ its potential impact cannot be overlooked. Whether or not that potential impact will be that of net gain or loss is constantly in question. The volatility of the crypto market should not be ignored, and it seems like every time you turn around there is another initial coin offering (ICO) with promises of becoming “the next Bitcoin.”

What Will the Future Hold?

The trend of testing blockchain technology in different industries will continue in 2020, and we will probably start seeing some business spin-off opportunities as a result, including blockchain system security, audit and governance roles. Although blockchain could be used to nearly eliminate the need for auditing of the data within, it will not eliminate the requirements to conduct audits on the systems that run it. Governance and regulations will still require that we conduct attestation on these systems and verify that they are functioning properly and securely, and we should expect to see even more in-depth guidance from organizations such as the US National Institute of Standards and Technology (NIST)⁵ and the International Organization for Standardization (ISO)⁶ in the near future.

Blockchain technology still utilizes classic computer systems, networks and software. Some of the software is proprietary and the hardware specific, but we are still talking about everyday information systems that are vulnerable to attack and exploitation. We have only scratched the surface of possible vulnerabilities within blockchain itself. 

Blockchain also brings its own unique technical challenges and drawbacks, such as the continuous need for storage capacity and cryptologic obsolescence, which may prove problematic over the course of time for specific blockchains. However, problems spur innovation, and we may see some interesting solutions that will cross technology boundaries in 2020. 

Are you currently implementing blockchain or another emerging technology in your industry? We would love to hear about it. Email futures@isaca.org

ISACA® offers a hands-on blockchain course for those interested in learning the basic cryptologic functions, data structures and configurations needed to implement blockchain technology (https://nexus.isaca.org/products/132).

Endnotes

1 Liu, S.; “Size of the Bitcoin Blockchain From 2010 to 2019, by Quarter,” Statista, 1 October 2019, https://www.statista.com/statistics/647523/worldwide-bitcoin-blockchain-size/
2 Miliard, M.; “Massachusetts General Hospital Piloting Blockchain Projects With Korean Startup,” Healthcare IT News, 6 December 2018, https://www.healthcareitnews.com/news/massachusetts-general-hospital-piloting-blockchainprojects-korean-startup
3 Brett, C.; “Walmart Canada and DLT Labs Launch Production Blockchain,” Enterprise Times, 21 November 2019, https://www.enterprisetimes.co.uk/2019/11/21/walmart-canada-and-dlt-labs-launch-production-blockchain/
4 CoinMarketCap, Top 100 Cryptocurrencies by Market Capitalization, https://coinmarketcap.com/
5 National Institute of Standards and Technology, Blockchain, USA, https://www.nist.gov/topics/blockchain
6 International Organization for Standardization (ISO) Technical Committees (TC), ISO/TC 307 Blockchain and distributed ledger technologies, https://www.iso.org/committee/6266604.html

Dustin Brewer, CSX-P, CCSP, CEH, CHFI 
As ISACA’s principal futurist, he explores and produces content for the ISACA community on the utilization benefits and possible threats posed by emerging technologies to current infrastructure. He has 17 years of experience in the IT field beginning with networks, programming and hardware specialization. He excelled in cybersecurity while serving in the US military and, later, as an independent contractor and lead developer for defense contract agencies, he specialized in computer networking security, penetration testing, and training for various US Department of Defense (DoD) and commercial entities. Brewer can be reached at futures@isaca.org.