Page 7 - Cybersecurity
P. 7
NYLJ.COM |
Cybersecurity | MONDAY, JUNE 5, 2017 | S7
Blockchain:
The Key to True Cybersecurity?
institution. Moreover, the blockchain allows for the automatic execution and settlement of business rules without human intervention through “smart contracts.”
There are public or “permissionless” block- chains (such as that underlying Bitcoin), where anyone can be a node on the network, and the transaction ledger can be accessed by everybody. Security is accomplished through wide distribution and the use of cryptography to secure data. For developing commercial applications, the preferred implementation is a private (or “permissioned”) blockchain implementation, with limited or pre-selected participants authorized to transact on the network. In either case, however, no single entity or node controls the ledger—the net- work itself verifies the transactions through a “consensus mechanism.”
The blockchain was originally conceived as the peer-to-peer technology platform that allows for the transfer of the digital currency Bitcoin without the need for a trusted interme- diary. Naturally, the initial and most obvious use of the blockchain outside of Bitcoin is “fintech”—technology-based payment and financial transaction systems. Beyond fintech offerings, however, data representing digital currency could conceivably represent other types of information or assets—an awareness that has spurred the development of a wide range of applications, including cybersecu- rity solutions related to e-commerce, con- nected devices and critical infrastructure. Not surprisingly, last year, the Department of Homeland Security awarded grants to sev- eral small entities to develop new blockchain- based cybersecurity technologies to support identity verification and the Department of Defense’s research arm DARPA awarded con- tracts to develop blockchain-based integrity monitoring systems that can detect advanced persistent threats (APTs) in networks. Such investments reflect the hope that blockchain technology can secure digital assets trans- mitted across multiple platforms, from the Internet to mobile to the cloud.
Certain features of blockchain lend them- selves to enhanced cybersecurity and the protection of digital assets stored and trans- ferred over such a platform:
• Irreversible transactions: Unless a “back door” is built into a private blockchain or a single entity controls more than 51 percent of the nodes of a permissionless network (i.e., a “consensus attack”), blockchain transac- tions are immutable. Blockchain can prevent the manipulation of databases and thereby reduce fraud, and because every transaction within the network is irrevocably recorded, electronic records are more auditable. Not surprisingly, some state legislatures are debat- ing bills that would authenticate blockchain- based business records.
• Decentralized nature: Blockchain’s dis- tributed peer-to-peer nature eliminates the need for a trusted intermediary or clearing- house, a single centralized database that might be the focus of cyberattacks.
• Confidentiality: Identities are anony- mous in a public blockchain like Bitcoin (with payment activity being transparent). However, in a private blockchain, authenti- cated parties may desire more confidentiality (for business and regulatory reasons), with certain details of transactions » Page S14
BY JEFFREY D. NEUBURGER AND JONATHAN P. MOLLOD
As the world rapidly shifts the underpin- nings of complex global commerce to online platforms, blockchain and its distributed ledger technology may offer a compelling approach to minimizing cyber- security risk. Because of how the blockchain is designed, transactions and related data are immutable, secure and decentralized, and may be impervious to security breaches that might affect data stored in a single, central- ized place. How might companies incorporate blockchain to secure data?
JEFFREY D. NEUBURGER is a partner at Proskauer Rose. JONATHAN P. MOLLOD is an attorney and technol- ogy, new media and telecommunications content editor at the firm.
Ultimately, in developing blockchain-related cybersecurity applica- tions, developers will have to balance confidentiality and traceability, along with maintaining a secure network, all within the current legal and regulatory environment.
This article will discuss blockchain gener- ally and its potential cybersecurity-related functions, security considerations when plac- ing assets on the blockchain, and whether existing laws and regulations will have to be changed to foster new blockchain technolo- gies.
What Is Blockchain?
In a “blockchain” or distributed ledger net- work, individual transactions are grouped into “blocks.” As a block of transactions is verified,
the block is distributed to all the participants on the network (often referred to as “nodes”), and is logically and irrevocably linked to the block before it (creating the “chain”). In this way, all of the nodes have a full and complete copy of every transaction ever conducted through that network. Unlike centralized ledger networks, the chain can be updated with a new transaction by any node on the network, with all nodes’ copies of the chain being identical. In short, the principal innova- tion is a method to digitally send something of value without a trusted intermediary or
SHUTTERSTOCK