
Security Think Tank: Risk mitigation is key to blockchain becoming mainstream

What are the best and most effective ways information security professionals can use blockchain technology?

A solution in search of a problem, blockchain is often associated with cryptocurrency, which is, arguably, the single worst application of the “immutable” ledger that defines the technology. Supply chains are a much better use, due to the high levels of integrity and availability provided by a blockchain.

A blockchain is essentially a piece of software run on multiple computers (or nodes) that work together as participants in a distributed network to record the transactions submitted to that network in a ledger. The ledger is made up of blocks, which are produced when nodes run complex cryptographic functions and are chained together to form a blockchain.

Nodes validate each block that is created to verify its integrity and ensure it has not been tampered with. If a majority of nodes validate the block, consensus is reached, confirming the recorded transactions to be true. The block is added to the blockchain and the ledger is updated.

This consensus-based approach means a blockchain is often considered immutable or indelible, making it near impossible to tamper with or erroneously alter without detection.

Security benefits of blockchain

The validation process ensures high integrity, which underpins the technology. Validation depends on the distributed nature of the network, making a blockchain highly available and resilient. Provided just one node remains available, the blockchain continues to function and the ledger can be viewed by any stakeholder.

Such “guarantees” of integrity and high availability make blockchain well suited for supply chains. Two examples are prominent here: Maersk and IBM partnering on a blockchain platform that records and tracks shipping manifests across global supply chains, and Volvo using a blockchain to track and verify ethical sourcing of rare earth minerals used in vehicle production.

For Maersk’s globalised trade, fraud and complex information management are considerable challenges. By using a single, centralised ledger that is deemed immutable and is available to all authorised stakeholders, such obstacles are reduced significantly. Five of the world’s six largest shipping companies – and many smaller suppliers – now take part in Maersk’s blockchain platform as it “provides greater trust, transparency and collaboration across supply chains and helps promote global trade”.

The single, shared platform streamlines the supply chain and removes the need for endless spreadsheets and programmes, easing logistical administration and saving money. The distributed and consensus-driven approach to validating blocks protects against tampering or adding fraudulent transactions to the ledger.

Even if a node is compromised, attempts to falsify the digital ledger to conceal theft or cargo smuggling will be detected and prevented by the validation performed by other nodes, as they will reject fraudulent blocks.
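The block validation and majority consensus described earlier, and the compromised-node case above, can be sketched as follows. This is an added example, not code from the article or from any platform it names; it is a simplified model with no proof-of-work or signatures, and the `Node`, `submit` and `demo` names and the manifest values are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # parent hash used by the first block

def block_hash(index, prev, manifest):
    """SHA-256 over the block's position, parent hash and manifest."""
    body = json.dumps([index, prev, manifest], sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def make_block(chain, manifest):
    """Build (but do not append) the next block on top of `chain`."""
    prev = chain[-1]["hash"] if chain else GENESIS
    return {"index": len(chain), "prev": prev, "manifest": manifest,
            "hash": block_hash(len(chain), prev, manifest)}

class Node:
    def __init__(self):
        self.chain = []  # this participant's own copy of the ledger

    def validate(self, block):
        """True only if the block extends this node's copy and its hash is correct."""
        head = self.chain[-1]["hash"] if self.chain else GENESIS
        return (block["index"] == len(self.chain) and block["prev"] == head
                and block["hash"] == block_hash(block["index"], head, block["manifest"]))

def submit(nodes, block):
    """Each node votes; on a strict majority the validating nodes append a copy."""
    voters = [n for n in nodes if n.validate(block)]
    accepted = len(voters) > len(nodes) // 2
    if accepted:
        for n in voters:
            n.chain.append(copy.deepcopy(block))
    return accepted, len(voters)

def demo():
    """Constructed scenario: 5 nodes, node 0 is compromised after two honest blocks."""
    nodes = [Node() for _ in range(5)]
    honest = [submit(nodes, make_block(nodes[1].chain, m))[0] for m in (
        {"vessel": "EXAMPLE-1", "containers": 40},
        {"vessel": "EXAMPLE-2", "containers": 12})]
    rogue = nodes[0]
    # Rogue rewrites block 0 in its own copy to hide two missing containers...
    rogue.chain[0] = make_block([], {"vessel": "EXAMPLE-1", "containers": 38})
    rogue.chain[1] = make_block(rogue.chain[:1], rogue.chain[1]["manifest"])
    # ...then proposes a new block built on the rewritten history.
    forged = submit(nodes, make_block(rogue.chain, {"vessel": "EXAMPLE-3", "containers": 7}))
    return honest, forged, nodes[1].chain[0]["manifest"]["containers"]
```

Changing the first manifest changes that block's hash and therefore every later parent hash, so the forged block only extends the rogue node's own copy and the other four nodes vote against it.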

Using a blockchain to verify supply chain ethics also uses the blockchain’s transaction ledger, which is widely available and considered to be of high integrity. Not dissimilar to the Kimberley Process Certification Scheme (KPCS), which works to prevent trade in conflict or “blood” diamonds, Volvo’s application of a blockchain makes use of the technology’s integrity and availability attributes.

Falsification of documents is commonplace in conflict regions, and blockchain makes that far harder, while the transparent nature of the ledger makes tracking the often lengthy journey of shipments much easier. Again, this greatly reduces the overheads associated with information exchange and streamlines the process of identifying whether items are being stolen from, or falsely added into, the supply chain.


Although still in its infancy and, to date, arguably misapplied in the shady world of cryptocurrency, the opportunities provided by a transparent, immutable transaction log that offers strong integrity and a high degree of availability are well-suited to management and protection of supply chains in all industry sectors.

As an ISF briefing paper makes clear, despite a decade of evolution, blockchain technology remains volatile and could still change dramatically over the coming months and years. Potential security risks need to be mitigated if organisations are to enjoy the benefits of blockchain.

The Australian government pronounced blockchain as lacking a viable application not already better performed by existing technology. But the same was initially true for the electric light bulb, the telephone, television, aircraft, and many other technologies that are now staples of modern life. Will blockchain be next?
