Enisa Helps Firms Secure Blockchain Tech

EU security agency Enisa has waded into the debate over the future of blockchain, the public ledger technology, with a new report designed to highlight security challenges and best practices for those in financial services.

Financial institutions are increasingly looking to invest in the technology in a bid to reduce human error and costs and improve risk management and compliance.

Crucially, blockchain allows firms to automate, reduce the amount of legacy tech needed for data sharing and work within a standardized framework for recording even complex transactions – which all help these efforts.

In fact, in November 2015 it was estimated that $1 billion would be spent by the top 100 such institutions by autumn 2017.

The 36-page report, Distributed Ledger Technology & Cybersecurity, points out that although blockchain features some traditional security principles, such as key management and encryption, it also introduces new challenges.

One of the major ones is the so-called “consensus hijack” – brought about if a malicious third party or parties manage to control more than 50% of participants.

“The extent of a 51% attack will allow an attacker to refuse to process certain transactions as well as to re-use an asset which has already been spent,” Enisa warned.

The report also warned of attacks on sidechains, DDoS brought about by rogue digital wallets spamming the network, and software errors in the smart contract programs which run on the ledger – as well as interoperability, scalability and other challenges.

“Cybersecurity should be considered as a key element in the Blockchain implementation by financial institutions,” warned Enisa executive director, Udo Helmbrecht.

To this end, the agency recommended several best practices for financial institutions looking to implement blockchain technology.

These include correct key management and key generation; code review; fraud monitoring; DoS mitigation; wallet management; careful monitoring of nodes and much more.
