Blockchain is a technology that basically distributes a ledger. For those of you in the financial management world, you know a ledger as the trusted source of transactions or facts. The same is true with blockchain. But instead of existing in a large leather bound tome or in a financial management application, blockchains are managed by a distributed set of computing resources working together to maintain that ledger.
Each transaction, or block within it, is linked together in an indisputable manner using public/private key encryption and internal validation algorithms. Hence the term ‘blockchain’. These links are created in such a manner as to be irrefutable, allowing the community to establish and maintain trust instantly, and can be linked all the way back to the original block (or transaction). The distributed community manages transactions, thus maintaining the ledger.
The uses for this technology are fairly broad in nature. Most of us have heard of digital currencies such as Bitcoin, Dogecoin, and others. Some operate on the TOR network, in the shadows of the real world. Transactions using these currencies are relatively secret, but more on that in a bit.
More open and commercial uses for blockchain include contract management, title and deed management, and other transactional operations that demand a high degree of certainty as far as what happened, when, and who was involved. Think of a simple service contract where two parties enter into an agreement. The original terms are noted within a block. As services are delivered, a block is added. As services are received, blocks are added. Payments for services rendered are recorded or even automatically managed. This documentation of the end-to-end process of contract management and associated events provides evidence of an irrefutable series of delivery validation points.
Blockchain systems and instances can be public or private. Bitcoin is managed in the open using strong encryption and tightly controlled algorithms. Companies can create their own private blockchain implementations to include digital currencies. In fact, several brokerages are now in the process of creating their own blockchain applications with localized digital currency. In these instances, the currency is tied to an account, with a certain number the digital currency units provided per Dollar, Euro, Yen, or Pound of intrinsic value in the account. At the end of the trading day, the brokerage can easily settle all accounts. They can also do it inexpensively.
Here is the first interesting thing – the cost per blockchain transaction is extremely low. This is particularly true when compared to credit card or bank account transactions. If a bank decides to purchase credit card operations from another bank, they have to be integrated into the purchaser’s IT environment. It happens. But the cost to do so can be tremendous, and can take a great deal of time.
The annual maintenance on thousands of applications working together to create and manage all credit card and bank account transactions is a huge burden on financial institutions. In addition, there is also problem management. Think of things like fraud, mischarges, disputed transactions, money laundering management, and a host of other things that have a high impact on bank resources (money, time, and people.) Managing credit cards and bank account transactions comes with a high level of cost and ongoing operational expense burdens.
Not so with blockchain and digital currencies. The entry fee from an IT perspective can be quite low. From a transactional cost perspective, the publically managed system incurs little to no cost whatsoever – transaction management is outsourced and the cost is a fraction of what it would be in a similar financial institution’s back end system.
In the case of a brokerage house, an in-house cloud computing environment can be used to provide distributed management of the ledger in a more privatized manner. Digital currency transactions are cheap, fast, irrefutable, and extremely reliable. This makes for rapid adoption due to the potential for realizing strong savings as opposed to current transactional models.
The second interesting thing is the unregulated manner in which digital currencies operate. While some digital currencies operate in the open, some are behind the scenes and only exist in the TOR network. This makes their use obfuscated. For example, it is difficult to know if a bitcoin was involved in crimes such as fraud, questionable purchases, or other illegal operations. While the same thing can be said of paper currencies, the real difference is in the account. Since the uses of digital currencies rely on the distributed ledger for currency management, these ‘accounts’ can be completely untraceable as to the owner, how the currency was used, and where the currency flowed to and from in relation to the current account. This represents a huge issue for regulators, particularly when those digital currencies can be converted into regulated currencies. Which, by the way, most can.
Regardless of regulatory issues with digital currencies, the SEC has also had a hand in blockchain technologies and digital currencies. Exchange-Traded Funds (ETFs) typically consist of an index, specific commodities, a number of bonds, or a bucket of common types of stocks. An ETF was created for digital currencies, particularly an ETF based on Bitcoin. When the SEC was deciding whether or not to allow digital currency trading (via the ETC) on the floors of US exchanges, Bitcoin value rose sharply – toward the $1,300 mark. When the SEC finally decided to reject the trading of the ETF, Bitcoin rapidly lost almost 20% of its value. This decision may also indicate how the Federal Reserve will ultimately deal with the digital currency. Regardless of these setbacks, however, Bitcoin continues to be a mainstream Web currency.
The third and last interesting I find when considering digital currency is the devolution of international monetary systems. In the United States, we went from loosely managed systems to a centralized system. Prior to 1863, individual states within America could print their own money, but that paper currency was restricted from crossing the state border. Individual companies or other entities could also print their own notes, including railroads, territories, and other organizations. After 1863, ‘greenbacks’ were used as a nationwide fiat capital, but again, there were still other currencies in circulation that were being printed and were loosely tied to the greenback system. It was common for people and organizations to have a variety of currency notes and coins. The Federal Reserve System didn’t come into play until the early 1900s. As a result, we now generally know what a dollar is worth.
Now there are literally dozens of legitimate digital currencies out there.
That, coupled with the fact that anyone can create their own digital currency, creates a mental image of currency devolution. We are going back to a digital version of those days in the past when everyone was printing their own bills, only now it revolves around digital currency.
Blockchain and digital currencies are here to stay. In fact, they are rapidly expanding in both acceptance and usage. So, what are the security issues?
First, if a private blockchain technology is being used, there are a finite number of servers supporting the transactions within the system. If a certain number of those servers are compromised, there is a high degree of certainty control of the currency is lost. In other words, if you have 100 servers maintaining your digital currency, and I take over 51 of them, I win.
Blockchain technology is based on a system consensus model, where the most recent and compete block is retained as the true record. In private implementations, this consensus could be negated through the elimination of a majority of supporting servers through a security compromise.
Secondly, there is usually centralized oversight of a digital currency. If that is compromised in any way, the currency is also compromised. Individuals responsible for oversight, typically a consortium, have the power to undo blocks or otherwise make major decisions about forks (discrepancies in the blockchain).
As always, security technologies will have to adapt to the security needs of blockchain technology. The inherent operation may be relatively secure through the use of encryption and strong algorithms, but cybercriminals will inevitably find the weak links of the blockchain system and attack them.
Fortinet adopts a forward-thinking view of cybersecurity, and stands ready to protect private blockchain processes and implementations today. Fortinet’s secure fabric provides the powerful tools needed to integrate security capabilities and communicate threat information across that secure fabric in order to rapidly identify and negate cybercriminals. Ask us how.