The NotPetya ransomware outbreak in June 2017 left hundreds of companies counting losses and taking significant financial hits.Many of these companies had their global operations severely disrupted which in turn led to massive delays in deliveries and sales.
Global logistics company FedEx, for instance, lost $300m as a result of the malware while shipping giant Maersk said the attack costed it “up to $300m” in damages. This event was distressing enough, but it was also a stark reminder that cybersecurity threats are inevitable these days.
Supply Chain Security Concerns
The cost of cyber-attack like NotPetya is high for global supply chains as a whole. Faced with the threat of ongoing data breaches and cyber-attacks, some companies are starting to try novel solutions, such as blockchain technology, to address the issue.
Blockchain has emerged as an ideal solution for use in a wide variety of applications, including supply chain security. In the case of protecting supply chain systems, blockchain has the potential to ensure data integrity and privacy, providing a higher level of security much beyond what current security could ever achieve.
Enabling Digital Trust
One of the key benefits of blockchain is that it promises to eliminate intermediaries. It also enables peer-to-peer interaction and exchange of data. This also allows for the building of digital trust instead of human trust such as that developed with banks, customs, and supply chain partners. But this digital trust comes from predictability. It is not very easy to predict the behavior of blockchain solutions which is why enforcement of cybersecurity is necessary.
Damages to an organization as a result of cybercrime (e.g., loss of revenue, stolen data or money, compliance fines, lawsuits, data restoration services) can be scary which is why outsmarting attackers is key. Looking at blockchain and consensus mechanisms through the lens of cybersecurity, one realizes that blockchain is intended to protect integrity. The distributed approach makes it much harder for attackers to tamper with information undetected.
However, like any other technology, blockchain also has its weaknesses and vulnerabilities.
Security Trade-offs of Different Blockchain Types
Blockchain has its skeptics, including many who believe the technology has already fallen short of expectations. However, from a cybersecurity standpoint, it is the cryptographic feature that offers the ultimate security guarantee. Of course, there have been reports of fortunes vanishing in cryptocurrency hacks. In turn this has led to critics questioning the cryptographic foundation. Despite this, global supply chains are rushing out to track products such as salmon and diamonds using blockchain. The aim is to eliminate intermediaries as well as reduce theft and fraud within the supply chain ecosystem.
The risk, of course, is that given its nascent nature, blockchain lags when it comes to confidentiality and availability. This risk, however, depends on the type of blockchain used. For example, a private permissioned blockchain framework is most relevant to enterprise applications with a focus on privacy. Permissioned blockchains emphasize confidentiality and as such, require permission to validate transactions. The trade-off, however, is that a permissioned blockchain introduces a controlling authority that might act as a single point of failure. Therefore, companies need to determine what risks each particular blockchain presents and hence set the right expectations, and in turn to foster predictability and trust.