There’s a lot of buzz about blockchain these days, even in government. In fact, we predict that 2018 will be the year of blockchain in government. Blockchain’s inherent security makes it resistant to data manipulation, making it a great tool for securely recording transactions between two parties, everything from medical records, contracts, transactions, even online voting. DoD and GSA are already looking into blockchain as a way to improve cybersecurity and reduce waste. But blockchain technology needs to be secured, just like any other application – with some twists. Morey Haber, VP of Technology at DLT partner, BeyondTrust, explains: “Blockchain implementations are only as secure as the applications that use them. Poor security controls for inserting data in the ledger will lead to tampering.”
Any entry into the blockchain ledger (blockchains are a multi-node distributed ledger system that secures entries based on volume and verification), must be validated for fraudulent activity. More importantly, the hosts that contain the blockchain implementations must be secured against vulnerabilities and privileged attacks that could tamper with blockchain insertions, says Haber
“There is no concept of blockchain ledger modifications. This is key to protect the integrity of the data. Once an entry is accepted, it is permanent. Therefore, if you can attack the server, application, and ledger processes, you can tamper with the blockchain. This is how some of the recent cryptocurrency attacks have been occurring.”
The takeaway? Blockchain alone is not secure. It’s just a distributed database ledger. So, how do you secure your agency’s blockchain’s implementations? Check out these tips from Morey Haber in his latest blog: Securing Your Blockchain Servers.