Blockchain: What Decentralisation Can Bring to Cybersecurity

The cybersecurity industry is no stranger to new technology. After all, it's an industry that has to be proactive in order to stay ahead of adversaries. 

This is more prevalent now than ever before. The increasing threat landscape, riddled with ransomware and a surge in distributed denial of service (DDoS) attacks, is increasing the pressure on professionals as they look for new ways to fight the onslaught. 

Equally, the attack surface for which attackers can gain entry to the network has exponentially expanded. Cloud storage, hybrid workers and risk from third-party suppliers may have many feeling like the issues are outpacing solutions. 

Although solutions are circulating, panaceas are hard to come by in cybersecurity. 

But one game-changing technology, blockchain, has the potential to address a number of these issues due to its unique strength: decentralisation.

“Blockchain technology, with its distributed and decentralised structure, introduces a novel approach to cybersecurity,” explains Abhi Srivastava, Associate Vice President, Digital Economy at Moody’s Ratings.

Examining the building blocks of blockchain 

Blockchain is a distributed ledger technology that securely records transactions across a network of computers in an immutable and transparent manner. Each transaction is grouped into a block, which is cryptographically linked to the previous block, forming a chain. 

This chain is maintained by a network of nodes that validate transactions through consensus mechanisms, ensuring that no single entity controls the entire network. 

It’s the decentralised nature of blockchain that generates interest in its use in a cybersecurity context. 

“Blockchain is revolutionising cybersecurity by offering a decentralised and immutable platform for data storage,” adds Umashankar Lakshmipathy, Executive Vice President at Infosys. “Its key foundational principles are helping solve key cyber challenges in data security, identity verification and data privacy area.”

Bolockchain's decentralised and immutable characteristics can significantly enhance data security and integrity by eliminating the need for a central authority.

This idea of decentralising data – in an age where a centralised platform for managing an increasing number of elements of security is preferred – may seem counterintuitive. Yet decentralisation offers benefits that could offer additional strengths. 

Blockchain’s security benefits

Blockchain’s cryptographic algorithms ensure that data stored on the blockchain cannot be altered without detection. Consensus mechanisms like Proof of Work or Proof of Stake ensure that any changes to the blockchain are validated by the majority of nodes, preventing unauthorised modifications and providing a reliable audit trail.

It is for reasons like this the technology has found its way into organisations dealing with sensitive data.

“The military already uses it, with Lockheed Martin being an example,” explains Konstantinos Karagiannis, Director of Quantum Computing Services at Protiviti. “Lockheed Martin uses the technology in systems that deal with sensitive engineering and software development.” 

This data integrity is further enhanced by how the system can help manage identities. 

“Identity and access management stands out as a key area that could benefit from blockchain technology, as it addresses key cybersecurity challenges such as identity theft, and privacy concerns,” continues Sami Dhifi, Director and Cyber Risk Services Lead at Alvarez & Marsal.

Traditional identity management systems often rely on centralised databases, which create single points of failure that are vulnerable to data breaches and identity theft. 

This means that, if the database is compromised, all the stored data is at risk. This centralisation makes them attractive targets for cybercriminals, as gaining access to a single database can potentially expose vast amounts of sensitive information.

Additionally, the reliance on a central authority to manage and authenticate identities can result in bottlenecks and inefficiencies. 

In contrast, blockchain-based systems decentralise identity management, using distributed ledger technology to ensure that identity data is securely stored and managed across a network.

This decentralisation eliminates the risk associated with centralised data storage, making it exponentially harder for malicious actors to alter identity data without detection.

Unlike centralised systems, once identity data is recorded on the blockchain, it cannot be changed without consensus, thus maintaining the integrity and trustworthiness of the information.

Equally, decentralisation can prove useful against the growing scourge of DDoS attacks. 

“Blockchain has also been able to resist malicious activity by internal users, external DDoS attacks and Sybil attacks,” says Abhi.

DDoS attempts to disrupt the normal functioning of a targeted server, service or network by overwhelming it with a flood of internet traffic. This is achieved by utilising multiple compromised computer systems, often referred to as a botnet, which sends a large volume of requests to the target, consuming its resources and rendering it unable to respond to legitimate requests. 

The distributed nature of DDoS attacks, with traffic originating from numerous IP addresses, makes them difficult to defend against.

But the decentralisation of blockchain makes it more challenging for DDoS attackers to overwhelm a single target as no single target is responsible for upholding the whole network. 

Even if one or a few nodes are targeted and overwhelmed by a DDoS attack, the rest of the network can continue to function, thereby maintaining overall network integrity and availability. 

Blockchain stumbling blocks

Although the potential for the technology seems vast, there are numerous challenges that have stopped wider spread adoption of blockchain companies’ cybersecurity systems. 

“Despite seeing acceptance of blockchain-based solutions in multiple business areas, for the cybersecurity domain there are a few critical challenges we have foreseen,” says Umashankar.

With all digital transformations, complexity remains a key issue. The integration of blockchain with established systems can be complex and resource intensive.

And yet, because blockchain is not as widely established, many vendors in the space are small and use blockchain to solve specific problems. Therefore, integrating it into larger enterprises with vast environments and network architectures is proving challenging. 

Even if an enterprise wanted to take a piecemeal approach, with numerous vendors providing different elements of blockchain integration, interoperability remains an issue.  

Furthermore, the wide variety of blockchain platforms can make it hard to share information between them, leading to interoperability challenges for cross-network implementations.

Scalability as a network grows could also cause congestion, leading to slower transaction processing times and higher fees. This drawback makes blockchain less viable for real-time security applications.

But perhaps one of the big issues links back to the issue of decentralisation: data diffusion. Because blockchain is decentralised, this may constitute a governance challenge, especially when a network is managed by a consortium or community outside the control of the organisation.

“When it comes to public blockchain network-based security solutions such as sovereign identity solution or verifiable identity solution,” Umashankar goes on, “there is always a regulatory and compliance concern on crucial PII data shared in an open peer to peer decentralised network.”

This means that, while the benefits of blockchain and decentralisation are very real, in practice it isn’t easy to implement blockchain across an organisation in every system.

Replace or augment?

While blockchain and decentralised systems bring benefits to cybersecurity systems, they also introduce several as-yet-unaddressed problems.  

However, for the Internet of Things (IoT), for example – a network made up of sometimes hundreds of endpoints – the applications are there.

“IoT can get a considerable boost via blockchain. Devices can use blockchain to have unique IDs and rely on lighter encryption protocols like DTLS,” explains Konstantinos. “They can be controlled on a network and such a set-up could prevent rogue devices, unauthorised access and elevated levels of privilege.”

Equally, implementing them as part of a broader cybersecurity posture can take some of the positives while avoiding some of the complexities. 

“Blockchain is not a cure-all for security challenges,” says Sami. “Organisations must distinguish between the security features inherent to blockchain and the additional security controls that need to be implemented.”

Despite ongoing challenges, blockchain presents a solution for creating more secure, efficient and user-centric digital identity systems.

With cybersecurity often using defence in depth, adding another reliable step like blockchain onto other protocols, such as multi-factor authentication, can bring tangible benefits to security postures. Even if it doesn’t transform it just yet.

To read the full story in the magazine click HERE

**************

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

**************

Cyber Magazine is a BizClik brand