Every year, the technology we use to defend our government systems becomes more advanced. Over the past decade, we have witnessed the evolution of the cloud, the internet of things, big data, artificial intelligence and machine learning. As a result, we continue to accomplish more, from building smarter, safer cities to developing self-driving cars to enhancing data management so we can learn more about our world than ever before.
These technologies serve many purposes, but as a side effect, they tend to make the government’s massive troves of data into an even larger cyber threat surface. Too often we hear news stories about both attempted and successful hacks in which highly sensitive information is stolen or leaked.
What is more concerning is the attacks we don’t hear about, often going unnoticed. This is data manipulation, when a bad actor accessing a system alters information, rather than taking it. These kinds of breaches are harder to detect, require meticulous monitoring to identify, and can be far more disastrous to national security.
There’s no question we’re entering a new world when it comes to cybersecurity. This is where blockchain comes in. Thwarting data manipulation traditionally means a manual audit log process, advanced user behavior analytics and countless man-hours. Blockchain, as opposed to hashing, removes these time consuming requirements. Blockchain is a digital ledger in which transactions or data are stored chronologically. A distributed ledger holds one verified chain of information, and therein lies its value — data manipulation attempts can be quickly identified and then rejected so the damage never occurs.
The United States of blockchain
Generally speaking, any business can use blockchain for better supply chain management, clearer contracts, faster payments and even more secure background checks. Blockchain’s central ledger and thus central authority-based design has made it particularly popular in the financial services sector. Its sequence of information protects previous transactions in the chain from being forged or destroyed, making it handy for secure, global transactions and access controls. Banks can even use the increased transaction transparency to develop better rewards and loyalty programs.
Government also needs foolproof security. The U.S. government is no stranger to blockchain as a concept, having successfully employed blockchain at agencies such as the Treasury Department for real-time management of inventory. Many governments around the world already utilize it to manage and share large volumes of data. It can be used to improve citizen services like healthcare, matters like ownership transfer from wills, business registration and more. Blockchain is even being used to store and protect evidence in court cases to prevent tampering and ensure integrity. Its use in infrastructure, such as power grids, reduces the number of central control systems and thus reduces the threat surface for cyber attacks.
The future of blockchain
As mentioned previously, a single distributed ledger of data means every change is at least noted and if necessary, rejected, making the likelihood of undetected data manipulation low. It’s nearly impossible for a hacker to change a full sequence of information on the scale at which federal agencies store data. The bigger volume, the better — and that’s why blockchain is perfect for defense.
As organizations and agencies gear up to implement blockchain, many individuals are taking courses and pursuing certifications in everything from basic concepts to blockchain development to decentralized applications. As the technology advances, so will the fields and thus the available training opportunities. The greatest threat to the blockchain is the original code, so some companies are specifically positioning themselves to assist with or directly perform an initial security audit of a distributed ledger. While this sets certain organizations apart for the time being, strong code will eventually be the norm among those implementing blockchain.
Blockchain will also help bolster existing security measures, such as providing System and Organization Controls, or SOCs, with better information to verify. SOCs are essential to mitigate threats, monitor systems and respond to alerts, and more mature, efficient SOCs will reap the greatest benefit from blockchain.
Road blocks and building blocks
While investments are being made further study blockchain and build out implementation use cases to prove its value and effectiveness, it’s still a long way from being fully implemented. Given that blockchain is in its infancy, agencies are in a similar position as cloud implementation almost a decade ago.
The barriers to implementation at this time mainly revolve around the fact that many government agencies function independently, rather than as a group. Collaboration and information sharing is crucial for blockchain to become truly functional for defense agencies. Broken legacy technology and strained resources also make it difficult to implement. Cloud adoption was — and in some cases still is — slow to flourish. However, given the large, distributed, and cloud-integrated systems and networks that our government now does have in place, this creates the perfect foundation to effectively implement blockchain solutions with a much lower risk of susceptibility.
Much like the other once-emerging technology, blockchain will become more mainstream in the coming years. The technology will change national security from a credential, logistical, audit and verification perspective.
Not only does blockchain offer a reliable, trustworthy security approach, but it’s more cost-effective than any other available technology. The ability to truly defend our nation’s most sensitive data without fear of another hack gives our government and national security teams the trust of its citizens, which is priceless in itself.
Mike Ewell is director of cybersecurity development at Solutions By Design II, LLC in Vienna, Virginia.