By Dr. Kevin Harris, Program Director, Information Systems Security, and Information Technology Management, American Public University System
For the last several years, perhaps the hottest technology – certainly the one attracting the most attention and investment, if the number of start-up companies focused on the technology is any indication – is blockchain. Given its roots are in cryptography and security, the technology today is increasingly viewed as having a potentially significant role in the development of industry-specific cybersecurity defenses and systems.
Indeed, on the one hand, blockchain has moved beyond the proof of concept stage and is showing it has the potential to be a positive disrupting technology in cyber security for a wide range of industries and use cases. At the same time, blockchain has an opportunity to ensure that a secure computing environment is available for a wider segment of the global population.
On the other, blockchain remains in the capacity-building stage: a supporting ecosystem including trained IT professionals, supportive technology, and educated users which must be expanded before we’ll see widespread adoption. In this way, the current status of blockchain in cybersecurity is similar to the position of electrical vehicles before chargers were commonplace and automotive repair businesses had technicians trained with the new technology.
Opportunities and Challenges for Blockchain in Cyber Security
While some argue that the possibility for anonymity is blockchain’s most significant benefit, its ability to address all components of the “CIA triangle” (confidentiality, integrity, and availability) is what truly distinguishes the technology. Blockchain’s ability to securely save and transmit encrypted files via its chain of digital blocks gives users the confidence their data has remained confidential and has not been altered. And with the decentralized distribution of data, blockchain ensures authorized users have access to data regardless of device or location.
Given that promise and potential, the number one challenge to blockchain adoption will continue to be user acceptance. While the technology has been and continues to be proven effective and efficient in certain applications, its acceptance as a viable, or even central, the method is far from certain. A useful lesson here can be seen in the use of biometrics. While biometrics has provided increased security — especially when implemented as part of a multifactor authentication strategy – it was never fully adopted because of low levels of user acceptance. That said, one advantage blockchain has over biometrics is this: the privacy concerns many have had concerning the potential compromising and malicious use of personal biometrics will not be there with blockchain technology.
Blockchain: A More Inclusive Technology
Technology overall has continued to create digital divides between various populations. Security implementation has often widened this gap by requiring implementation in software or hardware. As efforts to protect critical infrastructure components of organizations and nations solutions have been developed to mitigate ongoing threats, investments of resources including financial and personnel are often required to secure sensitive data. Biometrics is one example of an implementation requiring the acquisition of expensive resources – in this case, biometric readers. Other efforts including PKI certificates require the purchase of certificates or the development of internal key infrastructure. In these cases, those who could not afford to invest resources in innovative security technologies are at a greater risk of being compromised.
Ironically it is the populations who are at a greater risk which often have the most to lose in the event of a breach. Developing nations in the early adoption stages that experience a disruption could be affected in multiple areas. Confidence in the project could be devastated, leading to reduced support of the initiative. Or, attackers could gain access to a wealth of information that could be used again the nation for years to come.
Individuals in underserved populations often lack the resource to protect personal devices with additional security measures beyond their operating systems. With lax security practices in place, individuals’ personally identifiable information is at risk as services are performed online including banking, accessing medical records, utilization of governmental services, and engagement of social networks. Other populations that may access sensitive information from multiple locations are transient, including college students, homeless individuals, and frequent leisure travelers. Transient populations often use common use machines in libraries and hotels that may be vulnerable.
That’s where the promise of blockchain plays a role. Blockchain technologies and implementations will allow secure computing to take place without the resource investment previously required. The ability to provide a higher level of cybersecurity to a large community may allow individuals and nations to secure valuable digital assets while decreasing the number of machines a hacker can potentially exploit — and ultimately, lessening the attack vector.
The Future of the Relationship
This year will see blockchain’s remaining mystique elbowed aside. As business users and consumers alike are introduced to scenarios where blockchain is utilized or discussed, the technology will inevitably be viewed as a legitimate building block and service enabler. That changed viewpoint, in turn, is likely to lead to higher levels of user confidence, training provider interest, executive buy-in, and inclusion in many organizations’ IT strategy and design.
Whether and how that increasing user acceptance will apply to the cybersecurity sector remains to be seen – but the use of blockchain in cybersecurity appears to have a bright future, as evidenced by a look at a few potential use cases. In healthcare, blockchain has the potential to revolutionize the sector in a way that probably was not anticipated with the advent of electronic medical records. Medical records can be securely accessed via private node blockchain and accessed by any medical provider. Similarly, in higher education, institutions could use blockchain technology to provide fast, secure access to transcripts. And for businesspeople and consumers who have email addresses – which is to say, just about all of us – blockchain can better protect and secure our email communications, which today are commonly not encrypted.
The bottom line for blockchain and cybersecurity? The relationship seems to be moving beyond wary courtship and toward the altar, but a bit more dating and time may be required before the wedding invitations are mailed.
About the Author
Dr. Kevin Harris is the Program Director for Cybersecurity, Information Systems Security and Information Technology Management, and serves as the alternate Cyber Center Director at American Public University System. He has more than 20 years of experience in the information technology field with positions ranging from systems analyst to CIO. He performs research on the digital divide and works to ensure a trained cyber workforce in the country. He earned his Bachelor of Science degree in Computer Information Systems from Lincoln University in Missouri; his Master of Science degree in Computer Management Information Systems from Southern Illinois University-Edwardsville; and his Doctorate of Business Administration with an emphasis in Information Systems from Argosy University. Kevin can be reached online at KHarris@APUS.edu and at the American Public University System website, www.apus.edu