The Petya attack that took place at the end of June took more than just computer networks offline. Maersk, the shipping giant, suffered a major outage which meant that containers were left stranded in ports across the world. Stakeholders throughout the logistics supply chain were affected by undelivered merchandise and unfulfilled orders. The business disruption and brand damage caused to some firms and industries were enormous: Reckitt Benckiser estimated the total cost of its Petya-induced network outage at around £110 million.
The Petya attack was exceptionally virulent and devastating because of its ability to spread across networks, which stemmed from a loophole in a widely used piece of accounting software. Even well-protected firms with good upgrade policies fell victim to the attack due to vulnerabilities in their corporate partners’ computer systems. The breach highlighted that organisations are only as strong as their weakest link and that up-to-date cybersecurity software is not always effective. The virus was able to seal off users’ information and force them to pay to retrieve their data. Without effective backup systems in place, some firms were forced to try to pay the ransomware demands.
The large industrial firms that suffered so badly after the Petya attack could have benefited from having a fully blockchain-enabled system, owing to the security-by-design that underpins the technology.
Often described as the ‘distributed ledger,’ blockchains are a means of storing data (and potentially secure code) via a peer-to-peer network of computers. As there is no central server storing data (which can act as a target for cyberattack), the data is copied identically across each ‘node’ in the network, meaning that if one computer is compromised, it does not result in a business-critical failure. Any change to information has to be accepted by the majority of other computers across the network (called ‘consensus’) before the information can be updated on the blockchain. This is the backbone of the security of a ‘distributed computer’, peer-to-peer, ledger-based system.
Securing the IoT
The lack of a single point of failure makes a blockchain-enabled system highly secure. Industrial firms that have embraced the latest wave of Digital Manufacturing and Industry 4.0 technologies are finding that their increased efficiency is undermined by the cybersecurity vulnerabilities stemming from the proliferation of connected devices.
The Blockchain is a potential remedy to this problem due to this concept of ‘consensus’. Data transactions and/or transmissions made on the network must be verified by a majority of network participants, meaning that the provenance of each device (which can include date, time, location and authorisation information) is recorded via its history of activity on the network. This eliminates the potential for ‘rogue devices’ to be hijacked or spoofed and used to commit DDoS attacks on a large scale (as we saw with the attack on Dyn last October).
An estimated 24 billion connected devices will be online by 2020, creating a mountain of potentially exploitable end-points. These loose ends can be ‘tied up’ by blockchain-enabled systems, which can also ensure that only secure code from a single unchangeable source can be used in the updates of any connected IoT devices. In this model the blockchain system itself becomes the preferred means of secure communications where this is a requirement, while the internet is simply a transmission line similar to a power grid. This separates the logic of systems from their communications and creates a virtual ‘air gap’ that hackers will find theoretically impossible to cross if they wish to change the operating codes of systems.
The ‘visibility’ that blockchain yields is another advantage that industrial users will be particularly interested in. Take a container logistics company, for example: these firms interact with an extensive list of stakeholders such as shipping lines, port authorities, land-based distributors and more. There is currently a high degree of ‘friction’ between these parties, as unnecessary administrative procedures and opacity exist at each step of the supply chain.
A private blockchain arrangement that linked each of these disparate supply chain actors would allow them to see ‘one version of the truth.’ This is because information on the blockchain is both transparent and immutable. Each ‘block’ of information is cryptographically linked to those on either side, making them impossible to edit without authorisation. Consequently, blockchain enables trust between actors, as their information is both visible and secure.
A supply chain that is ‘on the blockchain’ is very efficient, as we have seen demonstrated by a number of early Proofs of Concept in the industry. Suppliers, shipping firms and distributors are finding that the efficiencies of ‘smart contracts,’ which capitalise on the linkage of supply chain actors, result in substantial cost and profit efficiencies. In addition, confidence is increased in their partners’ ability to keep data secure thanks to the encryption of these private blockchains. Access to information can also be ‘layered’ and protected so parties can only access the information they need, and data protection can then apply to any other information contained in a record.
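The cryptographic linking of blocks and the majority acceptance across nodes described above can be made concrete in a short Python sketch. This is an added example, not code from the article or from any blockchain product; the container custody records, the five-node layout and every function name are constructed for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # back-link used by the first block

def block_hash(index, prev, record):
    # The hash covers the record and the previous block's hash (the link).
    body = json.dumps({"index": index, "prev": prev, "record": record}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev": prev, "record": dict(record),
                  "hash": block_hash(len(chain), prev, record)})

def rebuild(records):
    chain = []
    for record in records:
        append(chain, record)
    return chain

def first_broken_link(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for block in chain:
        expected = block_hash(block["index"], block["prev"], block["record"])
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None

def majority_head(replicas):
    """Head hash held by a strict majority of all replicas, else None."""
    heads = Counter(r[-1]["hash"] for r in replicas
                    if r and first_broken_link(r) is None)
    top = heads.most_common(1)
    return top[0][0] if top and top[0][1] > len(replicas) // 2 else None

# Constructed sample: custody events for one container, held by five nodes.
EVENTS = [{"container": "CONT-0001", "event": "loaded", "party": "shipper"},
          {"container": "CONT-0001", "event": "departed", "party": "port-A"},
          {"container": "CONT-0001", "event": "arrived", "party": "port-B"}]
honest = rebuild(EVENTS)
replicas = [rebuild(EVENTS) for _ in range(5)]
replicas[3][1]["record"]["party"] = "port-X"  # node 3: edited in place, hashes stale
forged = [dict(e, party="port-X") if i == 1 else dict(e) for i, e in enumerate(EVENTS)]
replicas[4] = rebuild(forged)  # node 4: same edit, whole chain re-hashed
print(first_broken_link(replicas[3]), majority_head(replicas) == honest[-1]["hash"])
```

The in-place edit on node 3 is caught by the broken link at block 1, while node 4's re-hashed copy is internally consistent and is rejected only because the other three nodes still agree on the original head.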
Ease of adoption
The cryptographic complexity of blockchain technology can make it a daunting proposition for those considering it. However, the adoption of blockchain-enabled systems does not have to result in the complete overhaul of the existing IT infrastructure and can in fact be incorporated into legacy systems. Indeed the design of companies such as is to enable existing work flow processes with blockchain rather than replace it. Those operators within industrial processes will not see the nature of their work greatly transformed; it is a case of processes being enacted more securely, accurately and much more efficiently behind the scenes.
The dual benefits of increased security and efficiency make both private and public blockchains an enticing proposition to industrial users. With the next headline-grabbing cyberattack only a matter of ‘when’ and not ‘if,’ large companies that rely on global connectivity need to embrace the blockchain as a means of promoting digital trust between their partners as well as their customers.
Antony Abell, Managing Director, TrustMe