Distributed-denial-of-service attacks are not only becoming massive in scale, but more sophisticated in their makeup. This is in large part due to the expansion of the digital world in which we live. With an ever-increasing number of unsecured devices connected to one another, the potential for cyber-attackers to overwhelm any organization is a clear and present danger.
Last year, the biggest recorded DDoS attack was launched against KrebsOnSecurity.com, a website owned by a leading cybersecurity guru, who presumably had somewhat sophisticated cyber-defenses. The real-world threat is unmistakable. New applications of machine learning and the internet of things are expanding the volume of digital communication nodes to monitor for intrusion. This increases the risk of hackers gaining entry without detection. Our increasingly cashless society is drawing would-be attackers who are intent on causing massive disruptions in consumer finance.
Just look at the recent elections for an example of how criminals used the data custody chain to manipulate the news on social media. The intrusions that interfered with the integrity of information released to the public were not fully revealed until after the damage was done. An adequate measure of defense for such a complex stream of layers might seem out of reach. Banks are already fighting an uphill battle against cyber-threats; some 25% of banks rank insufficient technical tools as a leading deficiency in their fight against DDoS attacks. But the blockchain offers promise as a resource.
Applying the example of fake digital news, imagine if an adversary could manipulate upstream financial data used in a bank’s — or also an online consumer’s — downstream decision-making, and go undetected or undetectable for a period of time. In a world where banks are looking to embrace the benefits of machine learning, data manipulation could have a very severe impact on the machine learning decision-making process. But blockchain provides a tamper-proof chain of custody for any record; if data is tampered with, blockchain provides an audit trail to identify who manipulated the data.
In a DDoS attack, two big worries are the availability of data, and the integrity of data.
Let’s first address the first concern — how the blockchain could defend against a perpetrator trying to knock out a whole communications system.
Blockchain is a truly distributed system with built-in protections against losing communication with network nodes. The biggest blockchain to date is the bitcoin network. While bitcoin is a truly open network whereby anyone can establish a node and read and write to the bitcoin blockchain, the protocol has successfully survived the many attempts made to attack this network.
Think of blockchain like the computer systems for the NATO military alliance. One attack on an individual institution is an attack on all. More importantly, the collective computing power available within the blockchain system makes it exceedingly difficult for a cyber-attacker to succeed in knocking it offline. One would have to attack several blockchain nodes across different institutions to overwhelm the blockchain system in question. In terms of a DDoS attack, the blockchain has built-in protections to ensure the processing of blockchain transactions can continue even if several blockchain nodes go offline.
This is considerably more advanced than the internet, which, as originally conceived, was intended to allow dynamic communications routing in the event of a nuclear attack — where many nodes would be knocked out. But the problem was the internet was not designed to handle data processing run through those communication nodes.
Blockchain nodes, meanwhile, run consensus algorithms. If a node or several nodes go offline, the other nodes continue to operate. A blockchain-based system spanning more than one financial services company therefore poses a much harder challenge for intruders than current non-blockchain defense systems.
The other aspect to consider is integrity. While availability is important, it is only important if available systems maintain integrity in the face of a malicious attack. This is vitally important for financial services companies. As we digitize not only money but commercial contracts, these companies become vulnerable to tampering. Blockchain can provide a vital means of securing and demonstrating the integrity of systems. Additionally, blockchain has at its core a fully traceable lineage, which means a chain of custody for updates is automatically recorded.
For the internet of things and machine learnings to take off with consumer markets, future connected devices by their nature will be built with a low price point. This means sophisticated security will unlikely to be embedded in them, drawing future botnets capable of doing massive harm. Gartner Inc. forecasts that not only will 8.4 billion connected things be in use worldwide in 2017 but they will reach 20.4 billion by 2020.
The ease of launching massive DDoS attacks will grow and no existing system can address this problem unless it is truly distributed. The blockchain may serve as the best remedy.
The article was originally published on American Banker and is re-posted here by permission.