The Cyber Implications Of Blockchain

Irfan Saif , Ed Powers and Adnan Amjad

Do your customers trust you? And do you trust them? The emerging trust economy depends on each transacting party’s reputation and digital identity—and that’s where blockchain comes in. The technology behind digital contracts transforms reputation into a useful, manageable attribute.

Part 4 of a 5-part series. Read Part 1, Part 2, Part 3, and Part 5.

You can also read the full article or download a copy at Deloitte University Press.

Just as distributed architecture and open standards play spotlight roles in the inevitable architecture trend, they loom large in blockchain and the emerging trust economy. Blockchain is an open infrastructure technology that enables users operating outside of an organizational or network boundary to execute transactions directly with each other. Blockchain’s fundamental value proposition is anchored in this universal availability.

It is also anchored in integrity. When someone adds a block, or executes a blockchain-based smart contract, those additions are immutable. The potential value of the numerous blockchain applications currently being explored—including regulatory compliance, identity management, government interactions with citizens, and medical records management—resides, to a large degree, in the security benefits each offers users. Some of these benefits include:

  • The immutable, distributed ledger creates trust in bookkeeping maintained by computers. There is no need for intermediaries to confirm transactions.
  • Transactions are recorded with the time, date, participant names, and other information. Each node in the network owns the same copy of the blockchain, thus enhancing security.
  • Transactions are authenticated by a network of computer “miners” who complete complex mathematical problems. When miners arrive at the same solution, the transaction is confirmed and recorded on the “block.”

The distribution of miners means that the system cannot be hacked by a single source. If anyone tries to tamper with one ledger, the nodes will disagree on the integrity of that ledger and will refuse to incorporate the transaction into the blockchain.

Though blockchain may feature certain security advantages over more traditional transactional systems that require intermediaries, potential risks and protocol weaknesses that could undermine the integrity of blockchain transactions do exist. For example, it has recently come to light that vulnerabilities may exist in the programming code that some financial services companies are using as they integrate distributed ledger technologies into their operations.

Given that there is no standard in place for blockchain security, other potential cyber issues could emerge. For this reason, users currently rely—arguably too much—on crowdsourced policing. Blockchain is a relatively new technology, and therefore discussion of its potential weaknesses is somewhat academic. Somewhere down the road, an underlying vulnerability in blockchain may emerge—one that would put your systems and data at risk.

Though you should not let fear of scenarios like this prevent your company from exploring blockchain opportunities, as with other leading-edge technologies, it pays to educate yourself and, going forward, let standards of acceptable risk guide your decisions and investments.

For more on blockchain, see Cryptocurrencies Unlock New Concepts Of Value.

Copyright ©2017 Deloitte Development LLC. All rights reserved. Reprinted by permission.


Irfan Saif

About Irfan Saif

Irfan Saif is an advisory principal with Deloitte and Touche LLP. He has over 20 years of IT consulting experience and specializes in cyber security and risk management. Irfan serves as the US Technology industry leader for Deloitte’s Advisory business and is a member of Deloitte’s CIO program and Cyber Risk practice leadership teams. He serves many of the firm’s largest clients, helping them to be Secure, Vigilant, and Resilient through the planning, design, and implementation of robust strategies, business processes, and technology solutions.

Ed Powers

About Ed Powers

Ed Powers is the National Market Offering Leader for Deloitte’s Cyber Risk Services practice, which helps complex organizations establish Secure.Vigilant.Resilient. programs to achieve strategic growth objectives in the face of increasingly sophisticated cyber threats. Under his leadership, the practice has been recognized by major analysts as the leader in cyber risk and security consulting.

Adnan Amjad

About Adnan Amjad

Adnan Amjad serves as the Cyber Threat Management Leader for Deloitte & Touche LLP. This includes responsibility for cyber security strategy development, vulnerability management, security operations and critical infrastructure protection. Adnan’s client base includes some of Deloitte’s largest clients in the energy, financial services and telecom sectors. In his role, Adnan interacts and liaises with academia, industry trade associations, media outlets and global law enforcement agencies on issues related to cyber security.