The unmentioned cybersecurity risks in blockchain adoption

Matthew Kuan

Which sectors are the main markets for implementing blockchain technology?

The financial industry ranks as the main market for implementing blockchain technology, with the transportation/logistics industry following a close second. It is important to note that financial services firms are deploying blockchain to support mainstream sovereign currency processes – not the controversial cryptocurrency transactions that initially thrust blockchain into the spotlight. Worldwide blockchain spending growth among professional services and process manufacturing businesses is also experiencing an increase.

The Asia-Pacific region has become a hotbed of innovative blockchain applications. Blockchain-based projects are being piloted or are already in production in government, electric utility, supply chain security, and environmental use cases. The drastic spike in blockchain spending predicted in the Asia-Pacific also indicates that there are no signs of these use cases dwindling in the foreseeable future. However, as more industries in the Asia-Pacific and Japan adopt blockchain, it is crucial that security leaders implement processes to secure new blockchain projects.

Can you clarify blockchain security risk factors?

Every new technology has its risks, and blockchain is no exception. Even the earliest blockchain deployments stimulated the creative juices of cybersecurity adversaries. As blockchains grow in economic importance, they will undoubtedly become more attractive targets for cybersecurity interference.

To start, there are a number of blockchain and distributed ledger technology (DLT) vulnerabilities that we need to be aware of – ones that will impact how we deploy and where we apply blockchain.

The first thing is consensus hijack. In decentralised, permission-less networks, where consensus is formed through majority assent, taking control of a large enough portion of participating clients could allow an attacker to tamper with the validation process.

Besides, there are risks coming from DDoS attacks. Due to the distributed nature of blockchain ledgers, they are potentially vulnerable to spam-based distributed denial of service (DDoS) attacks. Even when these attacks do not completely close off access to a blockchain, they can increase processing latencies, as the nodes will be busy checking the validity of the fraudulent transactions.

In addition, we need to mention sidechain vulnerabilities, which can afflict the gateways used to transfer assets and messages between parent and sidechains through two-way pegging. Here, if an initial “locking” transaction is later considered invalid, then subsequent proxy transactions would also be affected.

“Smart contracts” are also considered a potential victim of attack. These are automated transaction programs that run on distributed ledgers that typically feature business logic such as self-executing insurance policies and financial futures contracts. This makes them subject to coding errors, often related to the specialised programming languages used to formulate smart contracts.

Last but not least is private blockchain vulnerabilities. Some enterprises have implemented private blockchains using existing network infrastructure, cloud-based services, and user access privilege. This configuration helps protect them from external interference.

Blockchain is adopted in a multitude of sectors across the globe (Ilustration photo)

What solutions did Fortinet issue to deal with this problem?

Before mentioning Fortinet’s solutions, I want to emphasise that it is necessary to build in security by design.

Despite the hype and exuberance currently animating the blockchain conversation, for the cybersecurity professional, blockchains are just another enterprise asset to protect from adversary interference. Fortunately, at the technology’s current stage of evolution, almost every blockchain project is a greenfield project. This offers application designers the opportunity to build security into the project at the beginning of its development cycle.

Treating security as a primary design goal of a blockchain project makes it possible to conduct a structured analysis of security requirements and investment priorities. Fortinet has been thinking a lot about the cybersecurity implications of digital transformation (DX), of which blockchain is a part. The Fortinet “Security Transformation Requires a Security Fabric” white paper is a good place to start to better understand how to implement cybersecurity in this new DX-driven world. There is no doubt that blockchain has a great future ahead of it. Beyond the considerable merits of the technology itself, we have the advantage of entering the blockchain era with much greater awareness of cybersecurity risk factors facing any new technology megatrend. Forewarned is forearmed, as the old saying goes.

What potential do you see in providing cybersecurity solutions for blockchain?

The blockchain adoption rate is growing extremely fast – expanding its footprint globally across multiple industries and economic sectors. A recent IDC report projects a 73.2 per cent worldwide compound annual growth rate (CAGR) between 2017 and 2022 for spending on blockchain solutions. This translates to a global rise in blockchain spending from $1.5 billion in 2018 to $11.7 billion in 2022. Within the Asia-Pacific (outside of Japan), blockchain growth will maintain pace with the rest of the world at 72.6 per cent CAGR. Japan, however, is expected to lead the entire world in blockchain spending, forecasted at a 108.7 per cent CAGR.

In Vietnam, the blockchain adoption rate in enterprises and authorities is still quite small, thus, at this time, Fortinet is focusing on disseminating information about blockchain as well as blockchain security risk factors so that enterprises and authorities can have a deep understanding of this subject before adopting blockchain technology.