Views on blockchain’s potential in the defence sector range from claims it’s the ‘next generational leap’ as an outright replacement for ‘current security protocols and databases that are no longer fit for purpose’; to accusations it has been ‘overhyped’, with critics arguing it is unlikely we will realise any benefit from its deployment until 2025. Our view is that blockchain has the potential to be useful in defence organisations and that this needs to be explored and tested now.
How does blockchain in the defence sector work?
Underpinning the cryptocurrency Bitcoin, blockchain is a large distributed accounting ledger that records all user transactions. Unlike traditional ledgers, blockchain verifies transactions using peer-to-peer networks to establish distributed consensus, eliminating single points of failure. Its design ensures that the data is immutable and auditable as each transaction links to its predecessor and every member of the network has a copy of the ledger.
Making the case for Blockchain in Defence to deliver value now
The immutability and peer-to-peer characteristics of blockchain mean that a successful hack would require enormous quantities of computing power to access thousands of user computers to manipulate the data. This inherent security lends itself to some critical applications within defence.
Managing Supply Chains
One of these is in defence’s complex supply chains, which transport equipment and personnel in difficult terrains across the globe. The lack of visibility and cyber resilience across the tiers in these supply chains are recognised as one of the biggest threats facing the sector today. Consider the transportation of medical devices that starts with the supplier(s) before transit through MOD delivery organisations to Brize Norton for transport to an overseas base, before the onward journey to the end user on operations. During this process, there are a series of critical points where the process could fail and where there are opportunities for manipulation.
Not only can blockchain address these issues, it offers a more secure record for supply chain management and enables greater auditability and real-time identification of responsibility. The American supermarket, Walmart, has recently demonstrated this to great effect, with its development of a food safety blockchain that reduced the time taken to trace the source of food from seven days to 2.2 seconds, helping to speed up remediation and tackle E.coli outbreaks.
Access and Identity Management
It is paramount that defence organisations understand who is accessing physical and virtual sites at different security classifications and, crucially, what visitors are doing once they are granted access. This requires significant investment in databases that store and process volumes of confidential and personal information. Past cases have illustrated how these databases have vulnerabilities, such as the way hackers gained unapproved access to background information submitted by military personnel for security clearances in 2015. A further challenge can be seen in the way different parts of the UK defence sector can spend weeks on processes, such as updating a contractor’s access to particular sites and IT, only to have to repeat the process when they need to work elsewhere.
Blockchain can reduce these problems by working alongside existing directories and databases using Signature Chains to act as a personal blockchain for each user. This helps generate digital identities and ensures all documentation, access rights and vetting are recorded. This then eliminates the need for any repetition and management of access rights, making change requests almost instantaneous.
Setting the conditions for success
However, there are some steps that will need to be taken to enable the successful adoption of blockchain on a wide scale. This includes making sure there is stringent data governance and quality assurance in place, as once the data is stored on a blockchain it is immutable, and so must be quality assured prior to storage. This makes data management policies, backed by technology like Physical Unclonable Functions, essential. It may also require the adjustment of the public-private key cryptography. Most blockchains use SHA-256, however certain defence-grade solutions require specific private-public key cryptography to comply with cyber security standards.
Another important element is the need for organisations to choose the right platform as the market is inundated with platforms to develop blockchain applications. Each of these have their own weaknesses and strengths and these will require careful consideration before a solution is adopted. Then, as with any disruptive technology, implementation will need to be accompanied by appropriate training to minimise user error.
Acting in anticipation of the hype
Defence organisations should recognise that there is hype, but blockchain can deliver significant value, though, for now at least, this will be slow to realise. Nevertheless, this should not be a reason to postpone experimentation, there are existing opportunities where tangible benefits can be realised immediately and the risks of delaying exploration of these are higher than waiting until the hype becomes a reality.