How to Think About Blockchain Security in a Federal Setting

IT managers should treat the blockchain data structure exactly as they would treat any other valuable corporate data, by reducing the risks to confidentiality, integrity and accessibility

Blockchain application servers should look a lot like an agency’s other application servers: They should be built with normal configuration controls and tools, the kind used for every other sort of app; they should have the same access controls as other application or database servers; they should fit into the agency’s IT infrastructure for redundancy, backup and monitoring, as would any other system. In other words, blockchain applications should look like other applications and shouldn’t create a new set of rules for IT managers.

Because blockchain software and tools are relatively new, especially in private blockchain variants and as commercial offerings, pay close attention to the security of these systems. Look at authentication databases, log files and configuration tools in particular. If your data center is not already microsegmented, a new blockchain project is an excellent place to start because the protocols and data flows should be easy to understand and easy to limit.

MORE FROM FEDTECH: See how the FDA wants to use blockchain to improve food safety. 

Why It Is Difficult to Scale Up Blockchains 

Blockchains, because they’re so computationally intense, do not scale easily. By their nature, the common blockchain algorithms are very expensive to compute compared with off-the-shelf database products from Oracle or Microsoft. While a blockchain looks very much like a database, experience in scaling traditional databases does not transfer easily.

This means that you need to pay careful attention to the expected number and size of transactions, which will vary depending on the project. If the project will likely have thousands of transactions per month, that’s probably OK. If it will have thousands of transactions per hour, then you’re going to have a serious performance problem that could cause the project to fail; there’s no cost-effective way to write thousands of transactions per hour. 

Performance problems will either cause the project to fail or the blockchain to be used for only a subset of transactions or for a rollup, such as an hourly summary. Figure out which of these is correct, and plan accordingly.

Blockchain projects may look like something new to the project team and CIO, but to the IT manager, blockchain is just another application. If you pay close attention to performance and scalability — the main differences between blockchain and most other applications — then successful deployment and operations are right around the corner.

MORE FROM FEDTECH: Discover why feds should look to Bolzano, Italy, to learn about blockchain. 

How Content Time-Stamping Works in Blockchain

Public blockchain projects depend on a network of participants to maintain the blockchain. In many cases, these participants join the network because there’s some kind of incentive — bitcoin miners, for example, get paid. 

Yet some blockchain advocates have found ways to build on top of existing public blockchains — usually Bitcoin or Ethereum — and use that foundation as a way to store data at low costs for an extremely long time. These systems are known as content time-stamping services and are a way to prove that a specific document (marked with a specific content checksum or hash) existed at a specific point in time. 

The time-stamp service stores the hash of the document, as well as other information (such as the time the transaction occurred), as a transaction on one of the major cryptocurrency platforms, paying a small fee (less than a dollar) for the privilege of storing data on the blockchain forever. Blockchain advocates have proposed this service as a way to verify public records ranging from property deeds to election results.

Some agencies have dipped a toe into these services, including the Department of Health and Human Services, which recently gained authority to operate and pull live data for a tool called HHS Accelerate that uses blockchain and artificial intelligence to enhance procurement. 

IT managers diving into these types of projects will find that setting up the blockchain part is the least of their worries. Yes, there will have to be a link to the blockchain at some point, as well as a way to pay for the time-stamping service, but the major portion of the work will be developing the application that generates the hashes and time stamps to be sent to the blockchain.

Crypto Destroyer

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.