Blockchain is a distributed ledger which maintains all transactions and assets and is updated by a number of counterparties. Financial institutions are investing in the technology – in what is hoped – to automate processes and remove “human” errors. This may help towards lowering transactional and operational costs by releasing the finance sector from its legacy systems.
A World Economic Forum report reveals that over one billion euros are invested in blockchain technology startups. Despite the potential cost savings, it remains important to assess what the security implications of Blockchain implementations might be.
ENISA analysed the technology and identified security benefits, challenges and good practices. The report identifies that some principles used in the security of traditional systems and in blockchain, such as key management and encryption, are still largely the same. There are however new challenges that the technology brings, like consensus hijacking and smart contract management. Additionally, it highlights that public and private ledger implementations will face different sets of challenges.
To secure business information whilst leveraging blockchain technology, financial institutions should seek to adopt best practices which allow them to:
- monitor internal activity
- automate regulatory compliance
- disclose information only to relevant counterparts and authorities
- adopt industry level governance procedures which will facilitate the updating of ledger implementations over time
ENISA held a workshop in October to validate the results of its study. The agency will remain active in providing awareness on the cyber security challenges in new technologies and continue its work in the finance sector as part of its mandate in the protection of critical information infrastructures. In the context of the NIS directive and the Payment Services Directive ENISA works with ECB and EBA in addressing incident reporting and minimum security measures in the finance sector.
The full report aims to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger.