" />
Technology

Why Current Cybersecurity Doesn’t Work and Why Blockchain Should Take Its Place

Why Current Cybersecurity Doesn’t Work and Why Blockchain Should Take Its Place

At the North American Bitcoin Conference in 2017, world renowned (and some would say infamous) security expert John McAfee stated that the current iterations of cybersecurity software are “non-functional.”

It simply doesn’t work, he stated — and, to a degree, he’d be right. When you look at the fact that the biggest DDoS attack in 2016 (the biggest ever at the time of its deployment) was likely the work of amateur hackers, also known as script-kiddies, it’s hard to defend any argument for a cybersecurity infrastructure that functions correctly.

The problem of weak cybersecurity is worse than the threat of a couple kids wanting to shut down the internet for a day. For example, 88 percent of all ransomware attacks target hospitals, effectively locking up all systems and private healthcare information until the ransom is paid off, and beyond weak technical safeguards and end-user best practices, there is no way to prevent or remedy the attack.

Healthcare isn’t the only critical sector being dominated by cybersecurity woes either. The Office of Personnel Management hack that was perpetrated in 2015 saw the personal information of 21.5 million people made public, while 2016 saw a hack on the Office of Child Support Enforcement that exposed 5 million vulnerable children and family records, meaning that even the government isn’t infallible.

Worse still, the recent Vault 7 wikileak dump shows that the CIA itself has the means to hack almost any known device on the market.

From government actors to cyber criminals and hackers, multiple entities are proving that virtually nothing is secure in the world of cyberspace.

Low Expectations, High Time for Better Cybersecurity

A Pew Research report from 2014 shows that a large majority of Americans don’t feel secure online, due in part to Snowden’s PRISM revelations in 2013, but also because they don’t feel they have control over things like how their personal information is collected and used by companies.

Unfortunately, two pieces, one published by the Huffington Post and the other by Forbes, wield evidence to support the notion that even though most Americans know that online privacy and security is fallible, most just don’t care.

In fact, one report shows that while 69% of respondents think that cyberattacks are more of a threat than they were a year ago, 55% still think they are, for some reason, safe. This represents a massive failing on the part of a public that would like to reap all of the benefits of a technologically-empowered life, but doesn’t want to face the responsibility that comes with it.

With all of these facts in mind, it’s clear that the current problem of security is threefold and laid out like this:

  • Current cybersecurity measures are clearly sub-par.
  • The public knows these measures are sub-par, but simply doesn’t care enough or have the know-how to do anything about it. An ideal security protocol would stand alone, without relying on end users to actually activate or utilize it.
  • Lastly, whoever holds the keys to this new infrastructure would hold a considerable amount of power–imagine if, instead of multiple anti-virus software companies, there were only one. Additionally, imagine if it was run by the government. Yikes.

These points frame the major hurdles facing security in any current capacity. To take them on, a new type of technology must be called upon, and it will have to address current concerns, run independently of complex user interaction, all while remaining decentralized.

Enter The Blockchain

For those uninitiated, the blockchain is the technology behind cryptocurrencies such as Bitcoin. Specifically, it’s a decentralized distributed ledger that uses complex algorithms and equations to verify authenticity. Because of its ability to mathematically verify almost anything, some have called the blockchain the “trust layer” of the internet. For more information on what the blockchain is and how it works, check out this post on Medium by Collin Thompson.

It’s been predicted that the blockchain will eventually become integrated into almost every part of our lives in the same way that the Internet of Things (IoT) is becoming, though it’s not always defined in what ways. However, when applied to the realm of cybersecurity, this prediction takes on more weight.

Ben Dickinson, writing for VentureBeat as well as his own Tech Talks website, has identified three areas where blockchain application can already shore up cybersecurity.

First, the failure of Public Key Infrastructure (PKI) to sufficiently thwart Man-in-the-Middle Attacks can be solved by the block.

PKI is a popular form of public key cryptography currently in use when securing emails, messaging apps, and websites, and it relies on third party Certificate Authorities (CA) to issues revoke, and store the key pairs that ensure security. The problem is that hackers can compromise CAs to spoof user IDs and crack these communications. Dickinson explores this controversy in relation to WhatsApp, supposedly the most secure and popular messaging app in the world, while calling upon MIT’s CertCoin, Pomcor’s theoretical blockchain PKI, and IOTA as three examples of how the block could and is creating more secure PKIs.

Second, because the blockchain distributes information that must be verified across many multiple nodes, data tampering would be easily spotted.

In the current way that cybersecurity works, as Dickinson puts it, “we sign documents and files with private keys so that recipients and users can verify the source of the data they’re handling. And then we go to great lengths to prove that those keys haven’t been tampered with, which is difficult when the key is meant to be secret in the first place.” Guardtime’s Keyless Signature Infrastructure (KSI) is already being considered by the military as a potential blockchain solution in this regard, while Gem is moving forward in the same way, albeit within the healthcare field.

Finally, the blockchain could do away with the DNS system, taking enormous weight off of the current infrastructure of the internet, making DDoS attacks impossible, and making it nearly impossible for anybody (including governments) to censor the internet.

Peter Van Valkenburgh put out the public call to Donald Trump to improve national security with a blockchain-style DNS in his “Dear Mr. Trump: To ‘Cyber’ Better, Try the Blockchain” via Wired, because the current DNS system represents a single target that anybody can tamper with to compromise an entire system. Dickinson believes that Nebulis represents a viable solution in this sense, and quotes founder Philip Saunders, who claims that manipulatable caching is the biggest weakness in the current system. “Caching makes it possible to stage DDoS attacks against DNS servers and allows oppressive regimes to censor social networks and manipulate DNS registries,” he said.

Despite Flaws, Still a Better Alternative

The blockchain model is not without flaws. Ahmed Banafa, writing for BBVA’s Open Mind, identifies five key problems in its implementation. These include the issues of scalability, processing power and time, storage, a skills gap, and legal and compliance issues.

Nevertheless, the alternative to the blockchain is our current model, and our current model doesn’t work. The blockchain represents a viable future for cybersecurity, and the promise of a world that is truly secure for all of us.

View Comments (1)

1 Comment

  1. Pingback: Outlaw Snowden Lectures Law Students: 'There is no oath of secrecy in the US'

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology
@AndyO_TheHammer

Andrew Heikkila is a blogger and tech enthusiast from Boise. He enjoys writing about cyber-security and other pertinent issues, and does it all while listening to smooth jazz. You can follow Andy @AndyO_TheHammer on Twitter.

More in Technology

ottawa tech scene

Ottawa tech scene still booming with $1M raised by membership management platform

Tim HinchliffeJune 22, 2017
betakit 150

BetaKit 150 Speakers Will Highlight AI, Innovation and How Canada Can Beat Silicon Valley

Tim HinchliffeJune 20, 2017

How Mixed Reality is Transforming Collaborative Cancer Research

Tim HinchliffeJune 14, 2017
vaping

Tobacco-flavored e-liquid gives aficionados an alternative vaping choice: review

Tim HinchliffeJune 13, 2017
payments solution

An honest payments solution to help SMBs grow combining great tech with security

Tim HinchliffeJune 10, 2017
sales

Qurious launches real-time voice AI that helps rambling sales reps seal the deal

Tim HinchliffeJune 8, 2017
monitor humanitarian crises

How Microsoft developers use ‘real life code’ to help UN monitor humanitarian crises

Tim HinchliffeJune 7, 2017
ottawa tech

Ottawa’s demand for tech talent surges as multinational brands continue to expand in Canada’s capital

Tim HinchliffeJune 6, 2017
ransomware wannacry

WannaCry Ransomware Lives Up to Its Name — but Something Else Will Make You Wanna Scream

Melissa ThompsonJune 3, 2017