It is easy to fall victim to the notion that blockchain with its many utilities could serve as a foolproof defence against cyber security risks. While blockchain will inevitably improve cyber security for organisations and individuals, it is dangerous to rely completely on its present capabilities to secure information against cyber attacks. There are various examples that show the cyber security risks inherent in blockchain technology.
Risks Persist
In 2016, digital venture capital fund, the DAO (Decentralised Autonomous Organisation) lost $52,000,000 due to a flaw in the Split DAO function of the DAO smart contract. The DAO function was initially designed to enable DAO participants to transfer their account balance into new investments. The flaw in the function allowed attackers to carry out the same split multiple times until the DAO was nearly empty.
In the same year, 120,000 Bitcoin were removed from customer accounts of Hong Kong based crypto currency exchange, Bitfinex. Bitfinex is known for its multi-signature key management system, a security measure that divides private keys for each user’s wallet among two different parties to reduce the likelihood of a successful breach.
It is important for organisations to recognise how easy it is to abuse the efficacy of blockchain technology from within an organization. Attackers are likely to achieve concencus on transactions for their own benefit. Having thorough understanding of the on boarding process of participants in a blockchain may aid in preventing such occurrences. Machine learning capabilities may enable organisations to better understand participant behaviour.
Maturity Model Solutions
The solutions to scenarios such as the aforementioned may seem simple but at times prove to be incredibly complex to articulate and implement. Applying an adequate risk management framework to cyber security in blockchain requires several considerations that effectively support prevention, detection, and response to cyber security risks in blockchain technology. As an example, systems should be tested frequently enough in order to identify flaws in security frameworks.
A maturity model should be followed by organizations looking to base their application of blockchain on structured frameworks for information security. The Capability Maturity Model (CMMI) for IT maturity , established by ISACA, may be considered as a starting point. The model defines five maturity levels: initial, managed, defined, quantitatively managed, and optimising.
An organisation with an initial maturity level lacks process requirements and process areas, exposing it to risks of, inter alia, exceeding budgets for projects. An organisation with a managed maturity level has processes characterised for projects but is often reactive. In contract, an organisation with a defined maturity level is often proactive in its approach. Organisations with quantitatively managed maturity have subprocesses that are maintained using statistical and other quantitative techniques. At maturity level 5,(optimising), organisations focus on continually improving process performance through enhancements in their technology.
Benefits Abound
To improve maturity for the security of a blockchain application, an organisation must ensure that assessments and controls are robust and dynamic enough to identify risks. The updating of data on a distributed ledger technology for example, should be verified for accuracy and validity through controls and assessments. A monitoring system should be in place to ensure that the data integrity of data sources to the distributed ledger technology of an organisation is maintained.
Utilising a maturity model provides several benefits for organisations: clear insight into blockchain risks, transition from proof of concept to production, establishment of a validated model, and a concrete action plan for the improvement of an organisation's maturity.
Conclusion
A robust framework allows for greater accountability in an organisation in relation to maintaining the success of its information security as it applies blockchain technology to its business operations. Unfortunately, a framework will not suffice alone as personnel must be encouraged via a tone at the top to contribute to the attainment of adequate blockchain maturity levels.
Posted from my blog with SteemPress : https://moonflowcrypto.com/index.php/2018/03/19/understanding-blockchain-security/