Is blockchain safe?

When Cybersecurity Meets Blockchain: A Risk Management-Based Approach to Blockchain Application Development

The reality is that blockchain technology must address numerous technical, governance, and regulatory challenges to meet program needs in both the public and private sectors. While it can help transform business transactions with its immutable distributed ledger, there are a number of issues that need to be resolved before blockchain can gain widespread adoption. One of the issues is securing blockchain applications.

In this article, I will describe how to provide security assurances for blockchain, closely integrating cybersecurity principles and enterprise risk management with blockchain application development on permissioned networks. I will also describe how to use the IBM Blockchain Platform to build innovative cybersecurity solutions and services across multiple disciplines.

Governance and Smart Contract Management

In an era of preemption, institutions across all industries cannot afford to ignore disruptive technologies. Blockchain's distributed ledger is a prime example of such a disruptive technology. It enables the sharing of a single version of the truth across disparate complex ecosystems and processes. This leads to shared business value, lower costs, less risk, and entirely new business models.

Securing transactions is critical to blockchain adoption as blockchain technology significantly expands access for new entrants to global markets. It turns out that traditional methods of managing risk and maintaining security are not enough to solve security problems. Despite the achievements of blockchain applications so far, they are not for blockchain technology itself, but for smart contracts (business logic defined in code to simplify, verify or perform contract negotiation) and applications on the edge of blockchain networks.

Blockchain Network Security Guarantee

As the complexity of blockchain applications, interfaces, and smart contracts increases, so do the risks to blockchain applications. Therefore, a comprehensive risk management and cybersecurity assurance program needs to be developed by cybersecurity professionals proficient in strategy, governance, regulatory and compliance processes.

Blockchain application developers and development operations (DevOps) teams must consider whether they have the right tools for security and privacy compliance. The entire industry must examine the security landscape, identify security risks, develop threat modeling tools, establish a roadmap for hardening the security posture, and deploy technologies to mitigate risks.

Let’s look at a blockchain cybersecurity assurance model that would address blockchain risks based on domain-specific risk defense approaches and cybersecurity implementation best practices:

Key elements in this model:

Smart Contract Governance and Risk Assessment:
Define and align security plans for blockchain applications and ecosystem DevOps based on cybersecurity methodologies and the NIST (National Institute of Standards and Technology) risk management framework.

Data Security and Privacy Assessment:
Analyze blockchain application datasets to understand legal, policy and regulatory issues, on-chain and off-chain design considerations, responsibilities, and feasibility issues.

Key Management:
Implement public key infrastructure and related key lifecycle management services, including certificate revocation, generation, and destruction.

Blockchain Application Threat Modeling and Secure Coding Assessment:
Analyze the ecosystem design of blockchain network actors and secure microservices. Evaluate security, application programming interfaces, access controls, and business partner agreements between services.

Credentials, Qualifications, and Authorization to Operate a Blockchain Business Network:
Understand and apply risk-based procedures to evaluate, describe, document, test, and authorize blockchain applications and business networks.

Blockchain Cybersecurity Intelligence and Operations:
Continuously monitor, detect, analyze, diagnose and mitigate threats, gain insight into blockchain threat exposure and prevent incidents.

Incident Response:
Develop an orchestration plan for incident response to effectively mobilize people, processes, and technology to respond to and remediate security breaches of confidentiality, integrity, and availability in enterprise blockchain applications.

About the Author

Adewale Omoniyi: Senior Consulting Manager, Cybersecurity and Biostatistics (C&B) Services, IBM Global Business Services Public Services Division, and Cybersecurity and Blockchain Technology Solutions Architect. He is currently IBM GBS Federal Healthcare Cyber Security Lead and Blockchain Director for GBS Cyber Security Public Service Division. He holds an Executive Master of Business Administration (MBA) degree in Strategy and Global Business from New York University and a Bachelor of Business Administration (BBA) degree in Management and Information Systems from Temple University. He also holds CISSP, CISM, and CRISC cybersecurity certifications.

Dr. Shue-Jane Thompson: Vice President and Partner, Cybersecurity and Biostatistics (C&B) Services, IBM Global Business Services Public Services Division. She oversees C&B-related technology innovation, solution engineering, and service delivery to U.S. Department of Defense, Intel, federal, state, and local customers, leading hundreds of highly qualified security professionals who deliver advanced networks to top U.S. agencies to help them perform their functions and tasks. She has over 30 years of experience in business, government, international technology and business management.
