Is blockchain secure enough for government?
Connecting state and local government leaders
Blockchain has broad public-sector potential, but recent cryptocurrency hackings have lawmakers concerned about its security for government applications.
As agencies experiment with blockchain to speed procurement, secure employee records and bring interoperability to health records, they are learning how the technology can transform how government does business. However, most work at federal and state levels is still in the pilot or proof-of-concept phase.
Lawmakers at a Feb. 14 hearing of two subcommittees of the House Science, Space and Technology Committees voiced concerns about moving such efforts into production. Committee members were particularly concerned about whether blockchain applications in government could be hacked the way some cryptocurrency exchanges and wallets have been in recent weeks.
Blockchain allows networks to continue to operate “even in the presence of bad actors or carelessness” through “fault-tolerant algorithms.” Jerry Cuomo, IBM’s vice president of blockchain technologies, said.
Because users validate others’ transactions on the blockchain, the distributed ledger technology has elements of cryptographic trust when it comes to identity of users, according to Chris Jaikaran, a cybersecurity policy analyst in the Congressional Research Service's Government and Finance Division. It also creates an auditable and immutable record of transactions on the blockchain.
Jaikaran said that several agencies, including the National Institute of Standards and Technology, General Services Administration and Department of Homeland Security, were researching blockchain technology, but described their work as “still in the test-bed” stage of understanding how the technology works.
NIST released its first draft report on blockchain in January that offered a high-level explanation of how the technology works, the various platforms and common misconceptions. Charles Romine, director of the Information Technology Laboratory at NIST, said his agency’s priority with the guide was to create a common vocabulary.
Addressing questions about vulnerabilities in the technology, Romine said he believes it would be “extremely difficult” in “most cases” to alter blockchain records. Subverting and changing records would require “the collusion of a majority of the participants,” and it would “still likely be visible” to the entire community that changes were made.
NIST’s work with quantum computing also will play a role in the agency’s investigation of the security of blockchain technology. Romine said it could be 15 to 30 years before quantum computers can break blockchain algorithms, but warned that timeline could change “if there are dramatic improvements of the technology that we can’t predict.”
Aaron Wright, co-director of the Cardozo Blockchain Project at Yeshiva University, urged legislators to consider creating a National Blockchain Commission to foster the technology's growth in the United States. Wright said in written testimony that he sees a commission as the best place to “devise common principles to guide the federal approach for regulating blockchain technology” and a convening body to hold hearings, conduct research and make recommendations for industry, agencies and lawmakers.
The Congressional Blockchain Caucus, meanwhile, is planning a series of meetings this year to educate lawmakers on the technology's use in digital identity, payments and supply chain mechanisms. GSA’s Emerging Citizen Technology Program also holds monthly interagency meetings to discuss ongoing projects that incorporate blockchain, artificial intelligence and virtual reality.
NEXT STORY: NIST maps out IoT security standards