Building blocks for cyber security

Blockchain opens up new possibilities for data protection

As we move towards more connected environments, cyber security threats are increasing. One technology that could help with data protection is blockchain, which is also starting to be used in some renewable energy projects.

solar panels in a street
Renewable energy projects are beginning to use blockchain for energy trading (Photo: Andrew Glaser)

In the IEC White Paper Edge intelligence, blockchain technology is defined as “a well-ordered distributed database that maintains a list of all transactions and which grows continuously over time”. Each of these recorded transactions is called a “block”.

Blockchain was invented by Satoshi Nakamoto in 2008 and was originally developed as the accounting method for the virtual currency Bitcoin. Blockchain uses cryptography to allow anyone granted access to a distributed database to digitize and insert data, as well as its metadata, in a secure way. Unlike traditional centralized databases, which are situated within a central cloud, the blockchain is not located and maintained on a single server that belongs to a central authority (a bank, for instance). It is spread across multiple points, making it much harder for hackers to gain access to it.

The technology was primarily devised to verify transactions but it is possible to code, digitize and insert practically any document in such a database. Once a block of data is recorded, it’s extremely difficult to change or remove. The authenticity of the record can be verified by the entire community using the blockchain, instead of by a single centralized authority. Each time a block of data is completed, a new one is generated. The blocks are connected to each other, like links in a chain, in a proper linear chronological order. If an attacker gets hold of a component of data and attempts to tamper with a block, the system will try to locate the one that differs from the rest. If it is located, it is simply excluded from the chain and recognized as false.

Data protection and the IoT

The distributed storage of blockchain technology and its unique security and encryption features make it an ideal testing ground for Internet of Things (IoT) applications. The IoT refers to the increasing number of devices which connect to a network to provide information they gather from the environment through sensors and actuators.

These devices can be carried, worn or kept at home, they can be embedded in factory equipment, or form part of the fabric of the city people live in.  Each one of them is able to convert valuable information from the real world into digital data that is stored on a centrally shared cloud, managed by a third party, usually the manufacturer of the device.

Increasing concern has been raised over the data protection issues related to this method of digital storage. The openness that gives the cloud its strength can also make it vulnerable. If the foundational or host hardware and operating system are compromised, every workload hosted there can be exploited by hackers.

This has led some companies to experiment with blockchain storage for IoT.  Examples include a trial led by a Korean consumer electronics manufacturer and a US IT giant. The Autonomous Decentralized Peer-to-Peer Telemetry (ADEPT) trial integrated blockchain software into a washing machine that could operate autonomously.

Based on the Ethereum cryptocurrency blockchain, the washing machine – amongst other things - could order and pay for its own laundry detergent and if it broke down, could contact and pay a tradesman. This was enabled via smart contracts between the owner and the contract service provider. A smart contract is a computer protocol intended to digitally facilitate and verify the negotiation of a transaction. It allows the performance of credible transactions without third party verification.

Renewable energy projects

A growing number of companies in the energy industry view blockchain as a technology that could simplify the system of renewable energy trading dramatically. Some smart grid and microgrid projects are starting to use it. A recent example in New York saw a finance company join forces with a German electrical company and an energy start-up to launch the Brooklyn microgrid project. The grid consists of five homes on one side of the street with photovoltaic (PV) panels and five homes on the other without. These homes were connected to a microgrid and neighbours with excess renewable energy were able to trade electricity with those homes without solar panels via the blockchain.

An example in the UK, which is currently edging its way towards commercialization, is a blockchain energy trading platform project backed by several household energy suppliers, the National Grid and a German electrical conglomerate.The trading platform is built on the Ethereum blockchain and uses simulated data from 53 million metering points and 60 energy suppliers. One of the main objectives of the project is to allow consumers to switch more easily between energy suppliers. Joanna Hubbard, chief operating officer (COO) of the start-up company managing the project, believes that blockchain will lay the foundations for households to participate in peer-to-peer energy and flexibility trading. “Blockchain technology will allow the transition to a decentralized model capable of local optimization and significant cost and carbon efficiencies”, she says.

Clouds on the horizon

Although many companies understand the huge benefits blockchain can offer, it is by no means a cyber security silver bullet. While blockchain is protected by business grade cryptography, where large sums of money or important assets are involved, hackers will follow. The IEC White Paper Edge Intelligence covers some of these risks. It points out that, because blockchain is a complex technology, it’s difficult to understand where potential attacks may come from or what countermeasures to take.

Another concern focuses on the decentralized nature of blockchains. Keys are used instead of passwords and issued to devices. Users must manage their own private keys, and if one is lost, anything related to that private key is also lost. If a private key is stolen, the attacker will have full access to all digital assets controlled by that private key. The security of private keys is so important that many users rely on secure hardware to store them.

While the potential of blockchain is promising, it remains more essential than ever for companies to adopt the cyber security Standards published by the IEC and ISO Joint Technical Committee (JTC) 1, to protect their critical infrastructures from outside attacks. These include the ISO/IEC 27000 series of Standards on information security management systems, published by ISO/IEC JTC 1 Subcommittee (SC) 27: IT security techniques. The challenge is to counter ever more sophisticated groups of hackers. Increasingly that must be done at an international level. New technology solutions will not suffice: they need the backing of International Standards to help achieve effective cooperation in cross-border and cross-community environments.