Thoughts on Cyber Intelligence and Blockchain
By Rishi Tripathi, Chief Information Security Officer, Mount Sinai Health System
Cyberattacks occur worldwide almost every day, yet it is challenging to learn the type and target of an attack in real time. A vast amount of cyber intelligence goes untapped; even though it could benefit everyone, companies do not want to share sensitive information broadly. By doing so, they may expose themselves to legal or regulatory scrutiny.
Companies certainly see the need for and benefit of sharing real-time cyber intelligence, if there were a way to share more information without revealing too much. Perhaps we should look at creating a Blockchain-based cyber intelligence platform in conjunction with:
- Zero-knowledge proof that separates data verification from the data itself. One party (the prover) can prove to another party (the verifier) the possession or existence of some information without revealing all the detailed information.
- Multi-party computation on data sets can reveal how many companies have been impacted by a similar attack without revealing the companies’ details. This method can allow multiple parties to make calculations using their combined data without revealing their input.
- Homomorphic encryption allows users to perform computations on encrypted data without first decrypting it; this protects the data while letting users run queries on it to gain insights.
This method may privately and safely enable shared, real-time attack metrics, which analytics can use to uncover trends in the location, type and sophistication of attacks. I would encourage further financial and technical studies of this method to ensure its effectiveness and efficiency. More people must collaborate to address this challenge.
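As an added illustration of the multi-party computation item above (not part of the original article), the sketch below counts how many companies saw the same attack using additive secret sharing, one simple MPC technique chosen here for the example. The function names, the modulus and the sample inputs are assumptions, and the parties are assumed to follow the protocol and to exchange shares over private pairwise channels.

```python
import secrets

# Field modulus (assumed for this example); it must exceed any possible total.
PRIME = 2**61 - 1


def share(value, n_parties):
    """Split value into n additive shares that sum to value mod PRIME.

    Any n-1 of the shares are uniformly random and reveal nothing about value.
    """
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def secure_count(inputs):
    """Run the three protocol rounds for parties holding inputs[i].

    inputs[i] is 1 if company i was hit by the attack, else 0.
    Returns (total, partial_sums); partial_sums are the only published values.
    """
    n = len(inputs)
    # Round 1: company i splits its input and sends share j to company j.
    sent = [share(v, n) for v in inputs]
    # Round 2: company j adds the shares it received and publishes the sum.
    partial_sums = [sum(sent[i][j] for i in range(n)) % PRIME for j in range(n)]
    # Round 3: anyone adds the published partial sums to obtain the total.
    return sum(partial_sums) % PRIME, partial_sums


if __name__ == "__main__":
    # Constructed sample: five companies, three of which saw the attack.
    impacted = [1, 0, 1, 1, 0]
    total, published = secure_count(impacted)
    print("published partial sums:", published)
    print("companies impacted:", total)
```

Each published partial sum is masked by the other companies' random shares, so only the total is learned. An individual input is exposed only if all the other participants pool what they received.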
Companies worldwide may be able to share real-time data about cyberattacks, while using a key to protect details. Sharing the keys can also become a path to commercialization, where attack details are transmitted via smart contracts with agreed-upon customers, government agencies, and regulators.
Currently, no major player is utilizing Blockchain to share intelligence and trends around cyberattacks. They still use legacy information-sharing methods, often outdated or inaccurate, that rely on data exchange or an Application Programming Interface (API).
A Blockchain of this type could connect directly to a company’s cybersecurity defense infrastructure, which can ingest relevant pieces of information flowing through the Blockchain, protecting the company from a new type of cyberattack.
In cybersecurity, once you’re able to gather verifiable, accurate information about cyberattacks, it becomes extremely valuable to ingest that information into existing technologies deployed to protect the company.
This method may crowdsource cyberattack defenses. Attacks seen in one part of the world on an individual computer could be transmitted almost in real time using Blockchain. This global communication could allow defensive measures to be set up in near real time. Global sharing can thwart the creation of new hacking groups, as their initial attacks will not succeed, and they will require more time to grow.
Exciting trends and new technologies are emerging to help address cybersecurity challenges, Blockchain being one of them. Several use cases come to my mind involving Blockchain and cybersecurity. For example, the above approach can also be utilized to safely share data with the third parties a company does business with; other combinations of Blockchain and Cryptography may provide unique use cases in cybersecurity.
The best solution may vary by person and organization. Rather than prescribing one, I encourage conversation that, perhaps, inspires others to develop leading-edge solutions to solve cybersecurity issues that were once difficult and challenging years ago, well before the technological and innovative advances we are able to leverage today.