How to ensure a secured blockchain methodology

Blockchain technology is often considered the solution to the financial world's security problems. This technology has indeed solved several banking issues like network hacks and credit card fraud.

But recently, hackers stole $72 million worth of bitcoins from accounts at the Hong Kong cryptocurrency exchange Bitfinex. Such incidents raise the question: Does blockchain technology cure all the security ills or give rise to new ones?

Blockchain’s distributed file system allows participants to keep copies of the transaction files and agree on changes by consensus. Each file is composed of blocks, and each block includes a cryptographic signature of the previous block, creating an immutable record. The network verifies the integrity of the transactions. Because of this process, blockchain is highly regarded for its resilience against attacks.

Even though the blockchain network itself has few vulnerabilities, several can occur in ancillary system components, such as operating systems and networking protocols, and in security-related areas like key management, protection, and distribution, all of which directly threaten the blockchain network. For example, The DAO announced a loss of $150 million to a hacker who used a vulnerability in Ethereum, the blockchain platform used by The DAO. Using a sophisticated multistage attack, the hacker was able to trigger a recursive send vulnerability, where the act of sending funds triggered another "send fund" request. While developers have reacted quickly to remedy software flaws, it is unlikely that this flaw will be the only one.
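The recursive send flaw described above, reduced to a small Python model. This is an added example, not code from the article, The DAO or Ethereum; the `Vault` and `ReenteringRecipient` classes, the `solvent` check and the amounts are constructed for illustration. It contrasts sending before the ledger is updated with updating the ledger first, and checks the invariant that held funds cover what the ledger owes.

```python
# Simplified model of a "recursive send" (reentrancy) flaw. Not Ethereum code.
class Vault:
    def __init__(self, safe):
        self.safe = safe      # True: update ledger before sending
        self.balances = {}    # ledger: what each account is owed
        self.funds = 0        # value the vault actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def _send(self, account, amount):
        if amount > self.funds:
            raise RuntimeError("insufficient funds")
        self.funds -= amount
        account.receive(self, amount)  # external call: recipient code runs here

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0:
            return
        if self.safe:
            self.balances[account] = 0   # effect first, interaction second
            self._send(account, amount)
        else:
            self._send(account, amount)  # ledger is still stale during the call
            self.balances[account] = 0

    def solvent(self):
        # Invariant a test suite or monitor should assert after every call.
        return self.funds >= sum(self.balances.values())


class ReenteringRecipient:
    """Constructed recipient whose receive hook requests another withdrawal."""
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if vault.funds >= amount:
            vault.withdraw(self)


def run_scenario(safe):
    vault, recipient = Vault(safe), ReenteringRecipient()
    vault.deposit("other-depositor", 90)  # constructed sample amounts
    vault.deposit(recipient, 10)
    vault.withdraw(recipient)
    return recipient.received, vault.funds, vault.solvent()
```

With the send performed first, the 10-unit balance is paid out repeatedly until the vault is empty and the invariant fails; with the ledger zeroed first, the nested request finds nothing owed and returns.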

When selecting blockchain technology, CIOs and CISOs must prepare themselves to address all security-related blockchain issues and establish solid and reliable blockchain-enabled business processes and applications.

Let’s take a look at how CIOs and CISOs can implement a secured blockchain methodology.

1.   Evaluate Applications

Security leaders and CIOs must carefully evaluate applications for their suitability to integrate with the specific blockchain systems and subsystems. This includes ensuring stringent security testing at all levels of the application stack, including:

  • operating systems such as IoT or embedded operating systems,
  • application code reviews, and
  • application logic and architectural models for experimental systems, such as smart contracts built on top of blockchain technologies.

Initiating a vulnerability management program will give CIOs and CISOs actionable insight and intelligence to mitigate a varying number of threats.

2.   Use Smart Contracts

Smart contracts are computer protocols that facilitate, verify or enforce the negotiation or performance of a contract, or that make a contractual clause unnecessary. Smart contracts usually have a user interface and often emulate the logic of contractual clauses. The main goal of the smart contract is to provide security superior to traditional contract law and to reduce other transaction-related costs and fraud associated with contracting.

3.   Monitor Vendors

Today, a critical aspect of blockchain is the selection of the blockchain ecosystem/platform. A number of vendors and providers have selected the bitcoin system, primarily because it has achieved a significant volume of nodes, which gives bitcoin a diverse and distributed network with several fault tolerance and resilience capabilities. While this might suffice for some, and others provide a good experimentation platform, it may not meet the needs and security requirements of CIOs and CISOs. Thus, CIOs and CISOs must monitor key vendors for feature innovation, consolidation or competitive threat capabilities.

Blockchain is still a nascent technology and many security challenges are yet to be explored and discovered. Using the above methods can certainly provide you with a relatively secured blockchain network.

Rahul Shah

I build high-performing teams. Currently building a startup to help other startups. Bootstrapper.

7 years ago
SUBHASH CHATTERJEE

Senior Vice President & Country Head, with last posting as Vice President with Axis Bank.

7 years ago

The engineers involved in securing any online platform would need to delve into the various ifs and buts of any protocol and ensure that hackers are not able to breach those protocols. Though easier said than done, that is the only way to secure the net operations. Thanks

Raju Kumar

Solution Architect Experience developing, architecting, and managing software projects for on-premise and cloud based deployment for managed and SaaS solutions.

7 years ago

great article

David Castaño Chavarro

| CEO & Founder | Closer High Ticket | Spiritual Intelligence | Serial Entrepreneur | Mentor | Team Leader | Strategic Planning |

7 years ago
