What is a Blockchain?
To facilitate a discussion on Cyber Security and Blockchain you must first have a basic understanding of Blockchain technology. It is a continuously growing list of records that are referred to as blocks. Each block is securely linked to subsequent blocks using cryptography. Each of these blocks would normally contain a cryptographic 'hash' (code) of the previous block along with a timestamp and associated data regarding the transaction being recorded. Because of its inherent design, it is resistant to modification of the data contained within the chain. Or, as described in Harvard Business Review, blockchain is "an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way".
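The hash linking described above can be checked in a few lines. This is an added example, not code from Optium Cyber Systems or any blockchain platform; the block layout, function names and sample records are assumptions constructed for illustration. It shows that an edit to one block breaks the link into the next block, and that when every later link is recomputed on a single copy, only a head hash held by an independent party still exposes the change.

```python
import hashlib
import json

def block_hash(block):
    # Hash a canonical JSON encoding of every field in the block.
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def append_block(chain, timestamp, data):
    # Each new block stores the hash of the block before it.
    prev = block_hash(chain[-1]) if chain else "0" * 64
    chain.append({"index": len(chain), "timestamp": timestamp,
                  "data": data, "prev_hash": prev})

def first_broken_link(chain, trusted_head=None):
    """Return the index of the first block whose prev_hash does not match
    its predecessor, len(chain) if only the trusted head hash differs,
    or None if the chain verifies."""
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    if trusted_head is not None and (
            not chain or block_hash(chain[-1]) != trusted_head):
        return len(chain)
    return None

def build_sample_chain():
    # Constructed sample records, not real transactions.
    chain = []
    append_block(chain, 1700000000, "genesis")
    append_block(chain, 1700000060, "alice pays bob 5")
    append_block(chain, 1700000120, "bob pays carol 2")
    append_block(chain, 1700000180, "carol pays dave 1")
    return chain

def rewrite_from(chain, index, new_data):
    # Models whoever controls the only copy: edit one block, then
    # recompute every later prev_hash so the internal links match again.
    chain[index]["data"] = new_data
    for i in range(index + 1, len(chain)):
        chain[i]["prev_hash"] = block_hash(chain[i - 1])

if __name__ == "__main__":
    chain = build_sample_chain()
    head = block_hash(chain[-1])  # assumed to be recorded independently
    chain[1]["data"] = "alice pays bob 500"
    print(first_broken_link(chain))  # the link into block 2 is broken
    rewrite_from(chain, 1, "alice pays bob 500")
    print(first_broken_link(chain), first_broken_link(chain, head))
```

The hash links give tamper evidence only relative to a copy or head hash the verifier already trusts, which is why the "distributed" part of the ledger matters as much as the cryptography.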
A few key points on Blockchain:
By design it is secure in terms of being resistant to modification of data once written in the chain.
Blockchain in one form or another is rapidly being adopted in many industries where secure and immutable record keeping is business critical.
Systems employing Blockchain technology are as susceptible to being hacked and exploited as any other system. Why? In short, because systems and personnel using Blockchain technology still have security vulnerabilities and issues with poor cyber security practices.
Blockchain systems have not been standardized yet and have not been tested at scale like other technologies. That means no one can fully anticipate the security vulnerabilities associated with blockchain systems.
Penetration testing and continuous monitoring can address many of the security vulnerabilities associated with blockchain systems. However, no one can realistically address all blockchain security issues at this time.
How are systems employing blockchain technology being breached or hacked?
Blockchain systems get hacked in the exact same ways that systems in other industries get hacked, because the same tactics, techniques, and procedures work on systems using blockchain technology.
Lack of standards around blockchain as a technology means it may or may not be coded or architected in a way that makes its vulnerabilities possible to find. That means pen testing techniques cannot always be relied upon to find all vulnerabilities.
Software components involved with blockchain systems can have vulnerabilities.
Poor cyber security practices on endpoint devices managing systems using blockchains.
Poor cyber security practices of employees using blockchain systems.
Insecure network or application architecture integrated with blockchain systems.
Use of 3rd party blockchain platforms. Now you've potentially inherited that 3rd party's security issues.
Quote "According to Forbes, among many others, one of the primary blockchain security issues is the lack of regulation and standards."
How can Optium Cyber Systems Inc secure, as much as possible, blockchain systems?
Looking at past breaches involving blockchain systems shows us that vulnerabilities in surrounding systems, poor cyber security practices, vulnerabilities in Blockchain code, and poor network and application architectures are the leading causes of breaches involving blockchain solutions.
Optium Cyber Systems Inc can...
1st Conduct a thorough network and application architecture review. If your architecture is insecure, all other motions do little to protect your blockchain solution from being hacked.
2nd Conduct a thorough penetration testing engagement rooting out vulnerabilities in participating workstations, server, cloud, and storage infrastructure. As much as technologically possible, we penetration test the Blockchain software components.
3rd Review and recommend remediation of cyber security practices that enable breaches.
Iansiti, Marco; Lakhani, Karim R. (January 2017). "The Truth About Blockchain". Harvard Business Review. Harvard University. Archived from the original on 18 January 2017. Retrieved 17 January 2017. The technology at the heart of bitcoin and other virtual currencies, blockchain is an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way.