Last week, my friend and colleague Monty Munford wrote as to how crypto would never take off until cybersecurity improves. And whilst I agree with the premise – It is going to take a whole lot more than ‘enhanced cybersecurity’ for crypto to become mainstream.
When people write about cybersecurity and blockchain, they are usually coming at the topic from one of several different angles:
- We need better cybersecurity around these centralised exchanges – you know, the ones that keep getting hacked and lose everyone’s public keys.
- We need better cybersecurity around blockchain. This can mean cybersecurity to protect the nodes, to protect the network from attacks and to protect the contents of the ledger data.
- We can use blockchain to augment and improve the cybersecurity of existing networks and IT infrastructure.
This article talks about the last topic and how so many people get the ideas of how to use blockchain for cybersecurity entirely and utterly wrong. And then they try to apply the principles to IoT, thus compounding their errors.
The main reason people claim to use “blockchain technology” is to secure capital. For the past five (5) years, people have put AI and Big Data into their fundraising decks because the words were (and are still) en vogue. Investors loved the hype. In the past two (2) years, both Blockchain and IoT have been added as words to sprinkle across your business presentations to conjure investors and investment like magic fairy dust..
To make matters worse (or at least more convenient for these so-called thought leaders) there is no concrete understanding as to what blockchain means. There is even only a partial understanding of what is meant by IoT. The articles are written in such a way that truthfully, there is absolutely no substance when it comes to “How blockchain adds value” – and precious little detail as to what type of IoT devices might mystically benefit. Instead, the articles cover woolly “benefits” sprinkled with obtuse jargon.
Too many people put Blockchain into their pitch decks with absolutely nothing in the product.
If anyone were to perform due diligence on these solutions, the outcome would reveal either a) they didn’t mean blockchain, maybe DLT b) there is no blockchain at all or – worst of all – c) they are applying blockchain in a way that is entirely inappropriate and will never work.
To illustrate c) more pointedly, here are: 5 Terrible Ways to Apply Blockchain in IoT and Cybersecurity.
- Providing network security: by using blockchain for consensus. Some articles claim that blockchain gives IoT devices “smarts”. Data stored in a ledger (a blockchain) can provide the basis for making decisions by these IoT devices, but it doesn’t give them smarts. Furthermore, any consensus algorithm that works across multiple IoT devices is possibly separate and distinct from blockchain.
- Store data: You don’t want to store much data in there, it becomes unwieldy. Gosh – that’ll be extremely slow. GDPR makes storing data an even trickier proposition. And pulling data from a blockchain is incredibly slow. Blockchain is a terrible replacement for a relational database.
- Protect data: Blockchain does provide disaster recovery options by distributing the data across nodes, thus having no single point of failure. But that also means that hackers have multiple locations to go and attempt to steal the data. Remember, hackers don’t need to change any data to have an advantage; they just need to steal it. For those that want to encrypt all of the data stored on the blockchain: sure. You can do that. But gosh that’s going to add additional time to any tasks in a system already ‘sloth slow’
- Provide IoT network messaging: Anything requiring real-time or near real-time: Blockchain technology is excellent at ensuring the integrity of the data, but queries and adds to the ledger just take time.
- Secure messaging between IoT Devices: Blockchain is designed to be distributed, decentralised and immutable. There are basic messaging capabilities built into most protocols related to achieving consensus. That’s it. And trying to write messages into the ledger and read them back again is a nightmare.
By 2025—more than 75 billion IoT devices will be connected to the web.
So, if blockchain is not the right thing for IoT and cybersecurity, what “could” it do?
I’m so glad you asked!
- IoT Manufacturer Registry: With 127 new IoT devices being added to the network every second (yes. every second) a public permissionless blockchain could provide a registry for every IoT device manufacturer. With such a registry, any and every IoT device could be connected back to their manufacturer and equally could be validated against having the latest software. The devices could even have their identities verified to help reduce fraud, counterfeiting, zero day fixes and network hijacks.
- IoT Payment Network: There is a growing demand for IoT devices to be integrated into transactions. Hotel rooms are using IoT to unlock rooms – and minibars. Insurance companies are relying on IoT devices to payout on policy claims. Factory automation is relying on IoT devices to support the two-way transfer of both physical goods and capital. With a universal payment system, IoT devices can be given budgets and balances. They can automatically transfer funds within the network – without touching the traditional banking network until a human either adds or extracts fiat.
- Personal Privacy Registry: Every consumer could register their privacy preferences in a blockchain and then share those with IoT devices as they add them to their home. As part of the registration process, the IoT device would ask you to authenticate yourself against the registry, and then automatically retrieve your default privacy preferences and apply them across the scope of the device’s use.
Without being too dull – please notice that for each of the above solutions, there is no central authority. There is no government, no silicon valley heavyweight, no single entity in charge. The networks are decentralised and thus would be operated by a consortium to grow and protect the network as the primary mission – as opposed to exploiting the network for profit.
Queries do not require real-time performance. Data sets can exist with only essential data stored in the ledger (Minimum Effective Blockchain). No claims of data protection – because it is designed for transparency. And no attempts to bypass regulation for some esoteric personal gain.
Blockchain has both a purpose and usefulness in the IoT realm. Cybersecurity however isn’t one of those. In general, blockchain has little or no value to add when it comes to cybersecurity – unless you’re trying to raise money from investors who don’t understand what they are doing.
Get in touch with us firstname.lastname@example.org / Twitter @igetblockchain.
Troy Norcross, Co-Founder Blockchain Rookies