Newsletters
Risk Central
Digital Edition
Risk Insider: Kate Browne
IoT Is Exploding. Can Blockchain Protect its Vulnerabilities?
Kate Browne Esq., ARM is Senior Counsel Executive & Professional at Berkshire Hathaway Specialty Insurance. She has spent her entire career in the insurance industry, and speaks and writes extensively on the impact on the legal implications of drones, autonomous vehicles, the internet of things, and other emerging risks. Kate can be reached at [email protected].
The world is full of connected devices – and more are coming! In 2017, there were approximately 8.4 billion internet enabled products including washing machines, thermostats, and parking meters. Experts predict by 2020 there will be more than 20 billion IoT devices, and by 2030 there could be 500 billion.
However, with connectivity comes vulnerability, particularly to cyberattacks. The Internet of Things (IoT) has transformed physical objects that used to be offline into online assets that often collect data and communicate with central networks.
Large “smart” device manufacturers such as Google, Apple, Microsoft and Samsung, have teams and systems that can quickly identify and fix security vulnerabilities.
While commonly associated with virtual currencies, such as Bitcoin, the blockchain has the potential to create a tamperproof history of how a product was manufactured and maintained as well as being a source for software updates for smaller IoT devices.
However, many of the companies involved in the production of smaller internet-enabled devices, such as doorbells and lightbulbs, are in developing countries and may not have the resources to provide state of the art security for the devices they manufacture.
In addition, many smaller devices are vulnerable to hacking attacks because they use default passwords and their limited computing power can sometimes inhibit the installation of anti-virus software. Blockchain could be a possible solution to track and distribute security software updates.
A blockchain is a tamper-proof distributed record of transactions that is maintained by a network of computers on the internet and secured through advanced cryptography. It is often referred to as a secure spreadsheet or bulletin board in the cloud where people can post notices of transaction.
Each post has a digital signature which cannot be changed or deleted. While commonly associated with virtual currencies, such as Bitcoin, the blockchain has the potential to create a tamperproof history of how a product was manufactured and maintained as well as being a source for software updates for smaller IoT devices.
How would it work?
There are two kinds of blockchains. In a public blockchain, such as Bitcoin, anyone can create data. In a private blockchain, all the participants are known and trusted.
A “permissioned and private” blockchain could be created and used to safely on-board IoT and other connected devices, by registering them in a private blockchain ledger.
Devices could communicate with similar devices and determine if their security systems are up to par. Small manufacturers could program their products to regularly “check in” with a blockchain system to see if there are new software updates. This would let device makers, regulators, and consumers know the products are regularly checking in and automatically receiving all security updates.
Last year, a consortium was formed to investigate and develop a blockchain security system for the IoT. Members included CISCO, Bosch, Bank of New York Mellon, the Chinese electronics maker Foxcomm and several blockchain startup companies. The group concluded that a distributed, trust-based authentication model is the correct way to address IoT security threats.
The world is only beginning to understand the applications and benefits of blockchain technology, but it may prove to be a valuable component of IoT security.
