At the North American Bitcoin Conference in 2017, world-renowned (and some would say infamous) security expert John McAfee stated that the current iterations of cybersecurity software are “non-functional.”
It simply doesn’t work, he stated — and, to a degree, he’d be right. When you look at the fact that the biggest DDoS attack in 2016 (the biggest ever at the time of its deployment) was likely the work of amateur hackers, also known as script-kiddies, it’s hard to defend any argument for a cybersecurity infrastructure that functions correctly.
The problem of weak cybersecurity is worse than the threat of a couple kids wanting to shut down the internet for a day. For example, 88 percent of all ransomware attacks target hospitals, effectively locking up all systems and private healthcare information until the ransom is paid off, and beyond weak technical safeguards and end-user best practices, there is no way to prevent or remedy the attack.
Healthcare isn’t the only critical sector being dominated by cybersecurity woes either. The Office of Personnel Management hack that was perpetrated in 2015 saw the personal information of 21.5 million people made public, while 2016 saw a hack on the Office of Child Support Enforcement that exposed 5 million vulnerable children and family records, meaning that even the government isn’t infallible.
Worse still, the recent Vault 7 WikiLeaks dump shows that the CIA itself has the means to hack almost any known device on the market.
From government actors to cyber criminals and hackers, multiple entities are proving that virtually nothing is secure in the world of cyberspace.
Low Expectations, High Time for Better Cybersecurity
A Pew Research report from 2014 shows that a large majority of Americans don’t feel secure online, due in part to Snowden’s PRISM revelations in 2013, but also because they don’t feel they have control over things like how their personal information is collected and used by companies.
Unfortunately, two pieces, one published by the Huffington Post and the other by Forbes, offer evidence to support the notion that even though most Americans know that online privacy and security are fallible, most just don’t care.
In fact, one report shows that while 69% of respondents think that cyberattacks are more of a threat than they were a year ago, 55% still think they are, for some reason, safe. This represents a massive failing on the part of a public that would like to reap all of the benefits of a technologically-empowered life, but doesn’t want to face the responsibility that comes with it.
With all of these facts in mind, it’s clear that the current problem of security is threefold and laid out like this:
- Current cybersecurity measures are clearly sub-par.
- The public knows these measures are sub-par, but simply doesn’t care enough or have the know-how to do anything about it. An ideal security protocol would stand alone, without relying on end users to actually activate or utilize it.
- Lastly, whoever holds the keys to this new infrastructure would hold a considerable amount of power. Imagine if, instead of multiple anti-virus software companies, there were only one. Additionally, imagine if it was run by the government. Yikes.
These points frame the major hurdles facing security in any current capacity. To take them on, a new type of technology must be called upon, and it will have to address current concerns, run independently of complex user interaction, all while remaining decentralized.
Enter The Blockchain
For those uninitiated, the blockchain is the technology behind cryptocurrencies such as Bitcoin. Specifically, it’s a decentralized distributed ledger that uses complex algorithms and equations to verify authenticity. Because of its ability to mathematically verify almost anything, some have called the blockchain the “trust layer” of the internet. For more information on what the blockchain is and how it works, check out this post on Medium by Collin Thompson.
It’s been predicted that the blockchain will eventually become integrated into almost every part of our lives, much as the Internet of Things (IoT) is doing, though the predictions don’t always specify in what ways. However, when applied to the realm of cybersecurity, this prediction takes on more weight.
Ben Dickinson, writing for VentureBeat as well as his own Tech Talks website, has identified three areas where blockchain application can already shore up cybersecurity.
First, the failure of Public Key Infrastructure (PKI) to sufficiently thwart Man-in-the-Middle Attacks can be solved by the block.
PKI is a popular form of public key cryptography currently in use when securing emails, messaging apps, and websites, and it relies on third-party Certificate Authorities (CAs) to issue, revoke, and store the key pairs that ensure security. The problem is that hackers can compromise CAs to spoof user IDs and crack these communications. Dickinson explores this controversy in relation to WhatsApp, supposedly the most secure and popular messaging app in the world, while calling upon MIT’s CertCoin, Pomcor’s theoretical blockchain PKI, and IOTA as three examples of how the block could create, and already is creating, more secure PKIs.
Second, because the blockchain distributes information that must be verified across many nodes, data tampering would be easily spotted.
In the current way that cybersecurity works, as Dickinson puts it, “we sign documents and files with private keys so that recipients and users can verify the source of the data they’re handling. And then we go to great lengths to prove that those keys haven’t been tampered with, which is difficult when the key is meant to be secret in the first place.” Guardtime’s Keyless Signature Infrastructure (KSI) is already being considered by the military as a potential blockchain solution in this regard, while Gem is moving forward in the same way, albeit within the healthcare field.
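The tamper-detection idea in the two paragraphs above, as an added example that is not from the original article and is not the design of KSI or Gem: a minimal hash-chained ledger of document digests copied to several nodes. The node names, sample documents and majority rule are assumptions made for illustration.

```python
import hashlib
from collections import Counter

GENESIS = "0" * 64  # constructed starting value, an assumption of this example

def entry_hash(prev_hash, doc_digest):
    """Link an entry to its predecessor so an edit changes every later hash."""
    return hashlib.sha256((prev_hash + doc_digest).encode()).hexdigest()

def build_ledger(documents):
    """Return [(doc_digest, chained_hash), ...] for a sequence of byte strings."""
    ledger, prev = [], GENESIS
    for doc in documents:
        digest = hashlib.sha256(doc).hexdigest()
        prev = entry_hash(prev, digest)
        ledger.append((digest, prev))
    return ledger

def verify_chain(ledger):
    """Recompute every link; return the index of the first broken entry or None."""
    prev = GENESIS
    for i, (digest, chained) in enumerate(ledger):
        if entry_hash(prev, digest) != chained:
            return i
        prev = chained
    return None

def find_divergent_nodes(replicas):
    """Flag nodes whose copy is internally broken or whose head differs from the majority."""
    heads = {n: (led[-1][1] if led else GENESIS) for n, led in replicas.items()}
    majority_head = Counter(heads.values()).most_common(1)[0][0]
    return sorted(n for n, led in replicas.items()
                  if heads[n] != majority_head or verify_chain(led) is not None)

def demo():
    docs = [b"invoice-001", b"patient-record-17", b"firmware-v2.bin"]  # constructed
    honest = build_ledger(docs)
    # Naive edit: one stored digest is swapped, the chained hashes are left alone.
    naive = list(honest)
    naive[1] = (hashlib.sha256(b"patient-record-17-edited").hexdigest(), honest[1][1])
    # Careful rewrite: the whole chain is rebuilt around the altered document.
    rewritten = build_ledger([docs[0], b"patient-record-17-edited", docs[2]])
    replicas = {"node-a": honest, "node-b": list(honest),
                "node-c": naive, "node-d": rewritten}
    return verify_chain(naive), verify_chain(rewritten), find_divergent_nodes(replicas)

if __name__ == "__main__":
    print(demo())
```

The rewritten copy passes its own chain check, so only the comparison against the other nodes exposes it.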
Finally, the blockchain could do away with the DNS system, taking enormous weight off of the current infrastructure of the internet, making DDoS attacks impossible, and making it nearly impossible for anybody (including governments) to censor the internet.
Peter Van Valkenburgh put out the public call to Donald Trump to improve national security with a blockchain-style DNS in his “Dear Mr. Trump: To ‘Cyber’ Better, Try the Blockchain” via Wired, because the current DNS system represents a single target that anybody can tamper with to compromise an entire system. Dickinson believes that Nebulis represents a viable solution in this sense, and quotes founder Philip Saunders, who claims that manipulatable caching is the biggest weakness in the current system. “Caching makes it possible to stage DDoS attacks against DNS servers and allows oppressive regimes to censor social networks and manipulate DNS registries,” he said.
Despite Flaws, Still a Better Alternative
The blockchain model is not without flaws. Ahmed Banafa, writing for BBVA’s Open Mind, identifies five key problems in its implementation. These include the issues of scalability, processing power and time, storage, a skills gap, and legal and compliance issues.
Nevertheless, the alternative to the blockchain is our current model, and our current model doesn’t work. The blockchain represents a viable future for cybersecurity, and the promise of a world that is truly secure for all of us.