Blockchain Security A Moving Target For Both Developers And Hackers

Ripple Ramps Up Focus On Blockchain Infrastructure

No one truly knows exactly where and how blockchain technology will make the greatest impact. In corporate finance, the tool could upend the status quo of supply chain management, cross-border payments, invoicing and document sharing and more.

Regardless of where blockchain makes its mark, what is certain is that corporates have to trust that a largely unfamiliar innovation will work the way it should; that means securely, efficiently and easily.

So, while innovators continue to explore blockchain and design new solutions built on distributed ledger infrastructure, other companies have taken the testing of these new solutions to task. One of them is QualiTest, a company that provides software testing solutions and has just announced the deployment of a blockchain-testing service.

In an interview with PYMNTS, Jeffrey Wheat, global director of Cyber Operations, said the testing of blockchain-based software is just as critical to software developers as it is for the companies using these tools.

“Software testing in general extends to every realm where code is used, because any issues with code pertaining to any facet of technology could mean one of two things: either a bad user experience or a product that is not secure,” he stated. “When it comes to blockchain technology, where there is a crowded field of competitors, a bad user experience could permanently damage a company’s brand.”

Because so many developers are deploying blockchain for the purpose of enhanced security, the executive added, “ensuring the technology is glitch-free is critical.”

“The rapid rise of blockchain technology and the absolute necessity for it to function perfectly spurred the need for such a testing service,” Wheat said of the launch of QualiTest’s latest solution.

He cited recent data from Ernst & Young, covered in Gizmodo, which found approximately $400 million of the $3.7 billion raised via controversial initial coin offerings (ICOs) have been lost to lapses in security, including phishing attacks. Analysts said the money may have disappeared because some of the companies raising funds via ICO simply walked away with the money or failed to deliver on the promises of their technologies and solutions.

Regulators, some of which have criticized the ICO or outright banned it, are more broadly taking cautious steps into the world of blockchain with a heightened focus on its security.

In 2016, Greg Medcraft, chair of Australia’s International Organization of Securities Commissions, spoke with The Financial Times to raise awareness of blockchain security, which will be paramount to ensuring blockchain tools actually get off the ground.

“One way to get consumer confidence is that someone has to look after the issue of fraud,” he told the publication. “At least at the start, exchanges will have to guarantee the customer behind [the trade].”

Wheat said cybersecurity will become an increasingly attractive target for innovators looking to deploy blockchain, making security all the more important.

“The greatest interest in blockchain has come from cryptocurrency companies, as that has been the first proven use case of the technology, but we expect to perform blockchain software testing across a broad range of industries as blockchain’s applicability becomes fully realized,” he said, “for example, in cybersecurity, because blockchain technology necessitates the hack of several locations simultaneously, which would clearly be a big development in the cybersecurity arena.”

When testing solutions, regardless of technology and infrastructure, security is top of mind, Wheat added. But for blockchain solutions, testers have to take a bit of a unique approach to the matter.

“While a lot of the focused testing of blockchain is similar to regular security testing (encryption integrity, data privacy, etc.), the most challenging aspect is that the testing must occur on an ever-changing network environment at line speed,” he explained. “Smart Contract Integrity protection is another unique feature of blockchain testing.”

Interestingly, blockchain’s reputation for security also makes the technology a prime target for cybercriminals, he said.

“Another factor unique to blockchain testing is that, since it did evolve from the cryptocurrency world, hackers and cybercriminals are putting significant effort into compromising blockchain technology, so the risk of it being exploited in the future may be greater,” said Wheat. “But for the same reason that blockchain is complex to test, it is just as complex to exploit. It’s the dynamic nature of this technology that makes it such a difficult and moving target for attackers and keeps the technology one step ahead — for now. Proper testing and hardening will help keep that edge.”

Addressing the security and functionality of blockchain-based software is only the start of ensuring these solutions are adequately deployed and can gain traction. The next step is largely to ensure the enterprises that are actually using these tools trust it and use it properly.

The hype around blockchain is certainly spreading to the corporate world; research released last year by Juniper Research found what analysts described as a “dramatic” rise in corporate awareness of blockchain. More than 80 percent of executives surveyed said they had at least “a little” understanding of blockchain, with large firms staffing more than 20,000 employees displaying particularly broad awareness of the technology.

Payments and settlements, smart contracts and supply chain management and tracking are among organizations’ top priorities when it comes to deploying the tool and developing proprietary blockchain-based solutions. Two-thirds of executives told Juniper they expect to have their tools deployed by the end of 2018.

But even as awareness grows, Wheat said corporates still have progress to make in terms of their familiarity with — and trust in — blockchain.

“One of the biggest obstacles [to corporate adoption of blockchain] is perception, because so many wrongfully equate blockchain solely with cryptocurrency,” he said. “Another significant obstacle is that, since it is so quickly becoming the ‘it’ technology, many fear that the blockchain platforms they would use are unproven and possibly not sure.”

That, added Wheat, is where blockchain testing comes in.