Blockchain may help protect against cyber threats targeting industrial infrastructure
What is blockchain?
Blockchain is a secure, shared ledger that is distributed only to the members of a specific network. Blockchain is based on shared trust through an authenticated network membership. A copy of the blockchain ledger is stored on each member's computer, making it possible for any member to view the contents of the entire ledger at any time. Blockchain also uses public and private keys for security. The public key is a digital fingerprint that uniquely identifies the network, while the private key allows network members access to the blockchain ledger. When a new transaction is completed, the ledger is updated across the network, making it available for all members to see. The blockchain ledger is searchable, allowing members to look up specific smart contracts and transactions.
While originally created specifically for Bitcoin, any digital document, media, or data value can be stored. This is precisely what makes it possible to use in an industrial cyber protection context, providing a secure means of storing data as transactions, with smart contracts providing the details for what data is to be collected, how it will be used, and what kinds of transactions are allowed.
What’s more, Blockchain is flexible, allowing for rules to be made that can conform to business governance, compliance, and operational needs.
How Blockchain Works
Blockchain uses complex cryptographic hash functions to secure its distributed ledger. To understand how blockchain works, it is important to know what a Smart Contract is: The digital codification of a conventional contract, with the same authority and legal status as a written contract.
When a transaction is complete, a new block is added to the chain. This consists of some fundamental steps that are common to all block chains:
1. A Transaction is, in essence, data shared by one or more members of a network.
2. Authentication is when the member initiating the transaction is authenticated, verifying that the member meets all rules for that type of transaction.
3. Validation occurs after authenticating the member and validating the transaction, a new block is created. This block contains all the details of the transaction and is added to the chain, using an identifier made from a hash that includes part of the hash from the previous block. This is what makes blockchain so secure.
When a transaction is initiated, it is held in temporary memory. That way, if the transaction fails during any step, the transaction is simply removed without ever being added to the blockchain. This helps keep the blockchain simple and -most importantly - secure.
Why Blockchain may be key to IIoT cyber protection
The blockchain database has never been hacked, according to Chain of Things, a consortium that supports collaborative development on an open source standard to secure Internet of Things (IoT) devices. In this Market Watch article, the hacks of Mt. Gox and Bitfinex targeted vulnerabilities in the Bitcoin cryptocurrency itself. The article goes on to state that blockchain is a liability because blocks cannot be altered. For financial transactions, this is a problem that is still hotly debated.
However, the immutability of each block in the blockchain is precisely what may make it an ideal fit for IIoT infrastructure. With permanent, unalterable records, blockchain forms the basis for machine-based trust, since all nodes in a network are authenticated and each transaction is verified with the blockchain's cryptographic algorithm.
In IBM's Implementing Blockchain for cognitive IoT applications, Part 1, the authors state, "As assets go through the various phases of their lifecycle, devices monitor different aspects and integrate the data from the assets into a blockchain of the business participants to provide real-time, trusted data." The report goes on to cite use cases for supply chain, automotive, energy and utilities, healthcare, and home automation.
Current industrial applications in the automotive industry highlight the potential of blockchain as a secure technological IIoT solution. For example, Toyota uses blockchains to track parts from multiple countries, manufacturers, and suppliers to final assembly. This use case demonstrates that it is possible to use blockchain as an end-to-end solution that provides unparalleled security and reliability. Localized blockchain mesh networks within a manufacturing plant can be used to securely monitor manufacturing processes, automating tasks such as ordering supplies.
For some applications, blockchain may not deliver enough value to justify investing in it. Each company will have to evaluate blockchain's value in the context of its business operations and determine if it will deliver an acceptable ROI. It's too early to make much of an evaluation of where blockchain will provide the most value. One thing is certain: businesses from a variety of industry sectors are experimenting with blockchain on a small scale to learn what it's about and how it might be of benefit. Blockchain's secure and trusted M2M communication is dramatically reducing transaction costs for banks and other financial institutions that have begun using it. Other industries may take a little longer to find ways to use blockchain that deliver such high value.
Blockchain and Decentralized IIoT Networks
By its very nature, blockchain is decentralized, which makes it much more transparent and secure than centralized networks. Decentralized blockchain networks could collectively be managed by a hierarchy of smart contracts capable of monitoring and managing industrial processes, production, and reordering supplies as needed.
Admittedly, decentralized blockchain network IT infrastructure is expensive to develop, but the benefits may far outweigh the costs by allowing secure, direct machine-to-machine (M2M) communication as well as real-time communication all the way up and down the supply line.
The performance gains from decentralized networks that optimize M2M communication may make up for the expense of developing a decentralized IIoT blockchain infrastructure. For example, such an infrastructure would allow real-time adjustments in supply and production scheduling, based on data provided by other factors up and down the supply chain. Managers would continue to monitor industrial processes with the added benefit of automating more of what they still do manually. In some cases, entire processes could be fully automated, significantly reducing costs at nearly every level of operation.
Perhaps the biggest challenge will be to get industrial organizations to appreciate the genuine possibilities of blockchain. It requires a very different way of looking at how machines are connected to one another via the IT infrastructure. While blockchain itself is relatively simple, its implementation is not. The industry is early in the investigation phases of applying blockchain to industrial cyber protection and how to tailor it to the needs of each business.
What We Can Expect to See
As business finds innovative ways to use blockchain beyond bitcoin, we expect to see more innovation in blockchain solutions for logistics, supply chain, manufacturing, and utility applications. Part of this innovation will be expanding blockchain beyond a record-keeping system or a transaction platform.
An explosion of blockchain adoption could occur over the next few years as businesses realize the true potential of blockchain for the secure, efficient, and easy management of logistics, supply chain, and industrial processes. Advancements in blockchain solutions for IIoT may incentivize IIoT manufacturers to begin designing cybersecurity into end-point devices, making industrial IoT infrastructure even more secure. Overall, we can expect broader blockchain adoption as more solutions are developed for industry and the cost for its services comes down.
Want to talk to one of our cybersecurity experts about this, or any other cyber challenge you might be faced with?