In the IT and Cybersecurity industry, there’s no shortage of terms, concepts, and phrases that generate buzz and sometimes take on a life of their own. Take Zero Trust, DevSecOps, Shift Left, and of course, Blockchain. That said, many times these words or phrases take on that life due to the promise and excitement they bring to the industry, and Blockchain is no different.
Blockchain holds a ton of potential as an emerging technology that can and likely will play a major role in cybersecurity use cases. We will discuss some of those use cases in this article.
Everyone who has been around cybersecurity for some time is familiar with the concept of integrity, or guarding against improper information modification or destruction. This concept is particularly relevant when discussing immutability, or the assurance that an object cannot be modified after it is created. Blockchain functions as a secure technology that ensures transactions are stored on a tamper-proof ledger. One doesn’t have to look far to find uses for a technology of this sort as it relates to immutability and maintaining integrity. One example is the increasingly complex software supply chain and the myriad of transactions and activities that occur throughout it. Organizations increasingly need a level of assurance of the integrity of the transactions and modifications made throughout their software supply chain. This is further bolstered by the consensus model that blockchain utilizes.
Sticking with the discussion of the software supply chain, given the significant scope and complexity it presents the industry, another potential use for blockchain is in traceability. Think of it in the context of determining the origin, activities, and parties involved. Emerging software development security guidance, such as NIST’s Secure Software Development Framework (SSDF) and others, is calling for traceability in software development lifecycles and activities. This can be supported by the digitally signed and timestamped nature of blockchain, which will allow greater transparency into the Software Development Lifecycle (SDLC) and those involved in it. This leads to the concept of provenance as it relates to software. This would be in the form of verifiable information about the origin of the software, who wrote the code, the environment it was developed in, the chain of custody, and more.
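To make the integrity and traceability points above concrete, here is an added example (not from the original article) of a hash-chained ledger of software supply-chain events with a provenance query. It is a single-process sketch without consensus or digital signatures, and the actor names, timestamps, and artifact digests are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def _digest(body):
    # Hash a canonical JSON encoding so every node computes the same value.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_event(ledger, actor, action, artifact_sha256, timestamp):
    """Append one supply-chain event, linked to the previous entry's hash."""
    body = {"index": len(ledger), "timestamp": timestamp, "actor": actor,
            "action": action, "artifact_sha256": artifact_sha256,
            "prev_hash": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append(dict(body, hash=_digest(body)))
    return ledger[-1]["hash"]

def verify_ledger(ledger, trusted_head=None):
    """Return "ok", "entry N altered", or "head mismatch"."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry.get("index") != i or entry.get("prev_hash") != prev
                or _digest(body) != entry.get("hash")):
            return f"entry {i} altered"
        prev = entry["hash"]
    # A fully rewritten chain is self-consistent; only a head hash held
    # elsewhere (for example another node's copy) exposes it.
    if trusted_head is not None and prev != trusted_head:
        return "head mismatch"
    return "ok"

def provenance(ledger, artifact_sha256):
    """Chain of custody for one artifact: (timestamp, actor, action)."""
    return [(e["timestamp"], e["actor"], e["action"])
            for e in ledger if e["artifact_sha256"] == artifact_sha256]

def build_sample_ledger(builder="ci-runner-1"):
    """Constructed sample events; all names and digests are made up."""
    src = hashlib.sha256(b"constructed source tree").hexdigest()
    pkg = hashlib.sha256(b"constructed release binary").hexdigest()
    ledger = []
    append_event(ledger, "dev-alice", "commit", src, "2024-01-10T09:00:00Z")
    append_event(ledger, builder, "build", pkg, "2024-01-10T09:05:00Z")
    head = append_event(ledger, "release-bot", "publish", pkg, "2024-01-10T09:30:00Z")
    return ledger, pkg, head
```

Editing one stored entry is caught by the chain itself, while a wholesale rewrite is caught only when the head hash is compared with a copy held by another party, which is the role replication and consensus play in a real blockchain.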
Building on previous comments about integrity, all security practitioners are also familiar with the concept of availability, which is often defined as timely and reliable access to and use of information. Concepts such as cyber survivability are gaining steam as organizations of all shapes and sizes realize that our ubiquitous connectivity and dependence on digital platforms warrant an ecosystem that can survive when incidents occur, not if. Blockchain helps facilitate this resilience approach due to some of its key tenets, such as the distributed nature of nodes in a blockchain network. This ensures that systems built leveraging Blockchain avoid some of the pitfalls, such as having a single point of failure. This is bolstered by the reality that all of the nodes in the network share a copy of the ledger. Another good example is its potential application to the Domain Name System (DNS). Decentralized technologies, such as Blockchain, can help mitigate the risk of centralized solutions.
While no technology is foolproof and cybersecurity is a constant challenge to outpace the ingenuity of attackers, there are tools that can be leveraged to bolster defenses. Blockchain holds the promise to be one of those tools, with countless potential use cases across the technology and cybersecurity ecosystem. Time will tell how it truly gets utilized and what innovative solutions the industry adopts as we move forward.