Risk Insider: Kate Browne

IoT is Exploding. Can Blockchain Protect its Vulnerabilities?

By: | August 2, 2018 • 2 min read
Kate Browne Esq., ARM is a Senior Claims Expert at Swiss Re Corporate Solutions. She has spent her entire career in the insurance industry, and speaks and writes extensively on the impact on the legal implications of drones, autonomous vehicles, the internet of things, and other emerging risks. Kate can be reached at [email protected]

The world is full of connected devices – and more are coming! In 2017, there were approximately 8.4 billion internet enabled products including washing machines, thermostats, and parking meters. Experts predict by 2020 there will be more than 20 billion IoT devices, and by 2030 there could be 500 billion.

However, with connectivity comes vulnerability, particularly to cyberattacks. The Internet of Things (IoT) has transformed physical objects that used to be offline into online assets that often collect data and communicate with central networks.

Large “smart” device manufacturers such as Google, Apple, Microsoft and Samsung, have teams and systems that can quickly identify and fix security vulnerabilities.

While commonly associated with virtual currencies, such as Bitcoin, the blockchain has the potential to create a tamperproof history of how a product was manufactured and maintained as well as being a source for software updates for smaller IoT devices.

However, many of the companies involved in the production of smaller internet-enabled devices, such as doorbells and lightbulbs, are in developing countries and may not have the resources to provide state of the art security for the devices they manufacture.

In addition, many smaller devices are vulnerable to hacking attacks because they use default passwords and their limited computing power can sometimes inhibit the installation of anti-virus software. Blockchain could be a possible solution to track and distribute security software updates.

A blockchain is a tamper-proof distributed record of transactions that is maintained by a network of computers on the internet and secured through advanced cryptography. It is often referred to as a secure spreadsheet or bulletin board in the cloud where people can post notices of transaction.

Each post has a digital signature which cannot be changed or deleted. While commonly associated with virtual currencies, such as Bitcoin, the blockchain has the potential to create a tamperproof history of how a product was manufactured and maintained as well as being a source for software updates for smaller IoT devices.

How would it work?

There are two kinds of blockchains. In a public blockchain, such as Bitcoin, anyone can create data. In a private blockchain, all the participants are known and trusted.

A “permissioned and private” blockchain could be created and used to safely on-board IoT and other connected devices, by registering them in a private blockchain ledger.

Devices could communicate with similar devices and determine if their security systems are up to par. Small manufacturers could program their products to regularly “check in” with a blockchain system to see if there are new software updates. This would let device makers, regulators, and consumers know the products are regularly checking in and automatically receiving all security updates.

Last year, a consortium was formed to investigate and develop a blockchain security system for the IoT. Members included CISCO, Bosch, Bank of New York Mellon, the Chinese electronics maker Foxcomm and several blockchain startup companies. The group concluded that a distributed, trust-based authentication model is the correct way to address IoT security threats.

The world is only beginning to understand the applications and benefits of blockchain technology, but it may prove to be a valuable component of IoT security.

More from Risk & Insurance

More from Risk & Insurance

Black Swans

Black Swans: Yes, It Can Happen Here

In this year's Black Swan coverage, we focus on two events: An Atlantic mega-tsunami which would wipe out the East Coast and a killer global pandemic.
By: | July 30, 2018 • 2 min read

One of the most difficult phrases to digest without becoming frustrated or judgmental is the oft-repeated, “I never thought that could happen here.”


Most painfully, we hear it time and time again in the aftermath of the mass school shootings that terrorize this country. Shocked parents and neighbors, viewing the carnage, voice that they can’t believe this happened in their neighborhood.

Not to be mean, but why couldn’t it happen in your neighborhood?

So it is with Black Swans, a phrase describing unforeseen events, made famous by the former trader and acerbic critic of academia Nassim Nicholas Taleb.

We at Risk & Insurance® define these events in insurance terms by saying that they are highly infrequent, yet could cause massive damages. This year, for our annual Black Swan issue, we present two very different scenarios, both of which would leave mass devastation in their wake.

A Mega-Tsunami Is Coming; Can the East Coast Even Prepare?, written by staff writer Autumn Heisler, profiles an Atlantic mega-tsunami, which would wipe out lives and commerce along the East Coast.

On the topic of whether the volcanic island of La Palma, the most northwestern of the Canary Islands, could erupt, split and trigger an Atlantic mega-tsunami, scientists are divided.

Researchers Steven Ward, a geophysicist at UC Santa Cruz, and Simon Day of University College London, say such a thing could happen. Other scientists say Day and Ward are dead wrong; it’s an impossibility.

One of the counter-arguments is backed up by the statement that there has never been an Atlantic mega-tsunami. It’s never happened before and thus, could never happen here. See exhibit “A” above, re: mass school shootings.

Viral Fear: How a Global Pandemic Kills an Economy, written by associate editor Katie Dwyer, depicts a killer global pandemic the likes of which hasn’t been seen in a century.

Tens of millions of people died during the Spanish Flu outbreak of 1918.

Why it could happen again includes the fact that it’s happened before. The science on influenzas, which are constantly mutating, also supports just how dangerous a threat they pose to millions of people beyond the reach of antibiotics.

Should a mutating avian flu, for example, spread widely, we could see a 10 percent drop in GDP, mostly from non-physical business interruption.

As always here, the purpose is to do exactly what insurance modelers and underwriters do; no matter how massive the event, we create scenarios, quantify possible losses and discuss risk mitigation strategies. &

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]