https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Blockchain and IoT: Distinguishing the Hype from Reality

Are blockchain and IoT a match made in heaven, an example of buzzword bingo or something in between?
  • Written by Brian Buntz
  • 20th August 2018

A portion of the cybersecurity industry seems to be stuck in a cycle. When a new technology comes along, a chorus of vendors jumps into the fray essentially proclaiming: “This technology is different than the others. If you buy it, you’ll be safe.” Some years later, the explanation for that particular technology, whether it is public key infrastructure, firewalls, intrusion prevention and detection, antivirus software or network access control, becomes something like: “Well, the last technology you adopted is helpful, but you need another layer of defense.”

Bolt-On Security

And so, the cycle repeats itself, leading to an explosion of security widgets. There is sound justification, of course, in having multiple layers of security. Such is the heart of the defense in depth and castle model approaches to cybersecurity. In practical terms, organizations decide if one layer of cyberdefense is good, having as many layers as possible is better. According to Dean Weber, chief technology officer of Mocana, this line of thinking leads to a sort of mantra of: “bolt on, bolt on and bolt on some more.” A corollary to this premise is the conclusion that the more an organization spends on cybersecurity and the more “bolt-ons” it has, the safer it is. While that may be generally true, it is simplistic. It is vital to understand how much security each layer of protection affords and at what cost.

The Ascent of Blockchain for Data Security

One of the latest bolt-ons is blockchain for data security, which according to Gartner’s most recent hype cycle, has climbed midway up the “innovation trigger” stage.

One of blockchain’s many promises is it can help address one of the Internet of Things’ biggest problems: cybersecurity. “It doesn’t help as well with all of the hype, of course,” said Greg Young, vice president cybersecurity at Trend Micro. “Everything’s blockchain today.” When it comes to the convergence of blockchain and IoT — the latter which has seen its own fair share of hype, and you get more obfuscation.

[IoT Blockchain Summit is the event that’s scaling blockchain for IoT across industry and enterprise. Get your ticket now.]

“What I notice about people’s optimism around blockchain is that it’s often inversely proportional to their understanding of how it actually works,” said RSA Chief Technology Officer Zulfikar Ramzan. “People who understand the details, see the limitations. People who don’t, see it as an idealized abstraction of a ledger. They see this vast sea of opportunity but they are not thinking about all the real-world issues around translating that conceptual idea into [reality].” Still, it can be difficult to gauge an emerging technology’s impact, Ramzan said. For instance, when public key encryption emerged in the late 1970s and early 1980s, it was difficult to foresee the technology’s role in supporting e-commerce in the 1990s.

Still, Ramzan isn’t convinced that blockchain and IoT are a match made in heaven. “I think IoT is almost the wrong application of blockchain,” he said. “If anything, IoT is about tracking physical devices. Blockchain is good at digital identifiers. How do you take a physical device and securely identify it using a digital identifier?”

Applying the CIA Triad to Blockchain for IoT Security

One strategy organizations can use to evaluate their security posture  — as well as the potential of blockchain for data security — is the so-called CIA triad, which is an abbreviation for confidentiality, integrity and availability.

While many well-known cyberattacks expose confidential information, such as the Equifax data breach last year, there are an array of encryption technologies available today with proven track records. While blockchain uses encryption to secure transactions, for organizations already using strong encryption, blockchain offers marginal benefits. “In terms of confidentiality, I don’t think blockchain’s a big help for most applications,” Young said.

One of blockchain’s strong suits is for data integrity, where it can be used to help confirm the identity of endpoints and the information exchanged between them. “I think it comes back to the vulnerability management, blockchain is going to be the big win, especially if they’re consumer devices out in the public,” Young said. Another hot area of current blockchain research is using the technology to fight counterfeiting in supply chain applications.

“Some aspects of blockchain show promise of providing ‘checks and balances’ for data integrity,” said Peter Tran, vice president and head of global cyber defense for Worldpay Inc. “Others just haven’t seen the battle time in the field yet to determine its resiliency under security stress.”

“In the era where data is king for cybercriminals, it’s important to look at the value of the data from a cyber-attacker’s perspective when a breach occurs,” Tran said. For a cybercriminal, data is only a means to an end. “Data is only as good as what hackers can leverage it for and how long it’s shelf life is. For any promising approach like blockchain, the focus should always be on whether the technology can be applied to ‘de-value’ the data once breached,” Tran said. Examples of such devaluation include a self-destruct timer that destroys data in the event of tampering. It’s also important to have controls to ensure the integrity of data before it enters into the blockchain and after it exits it. Earlier this year, Fortune reported that hackers stole $400 million from initial coin offerings (ICOs). But what enabled large ICOs to be targeted was not the fact that cybercriminals compromised the blockchain, but that they stole its output, which in these cases was cryptocurrency.

In terms of availability, blockchain has pros and cons. The fact that a blockchain is distributed means if a network endpoint is taken offline, it can self-heal, similar to in mesh networking. But large blockchain implementations — especially public ones — may struggle with latency. “If you have a real-time kind of environment or something with really low latency expectations, blockchain could really be the slowing-down point. Look at what’s happened with some of the early crypto exchanges,” Young said. 

While blockchain has several built-in data security protections, it is best viewed as one piece of a complete cybersecurity strategy, Young said. Tran agreed, adding that “blockchain isn’t a one-stop shop replacement for a layered defense.”  

Tags: Security Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Common Internet of Things Security Pitfalls 
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?
  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022
IoTWorldToday, IoTWorldSeries

IoT Product Roundup: PTC, Nokia, Arm and More dlvr.it/SQhNNF https://t.co/ZApdw3RHdu

19th May 2022
IoTWorldToday, IoTWorldSeries

Britain’s postal service has plans to run a fleet of autonomous #drones to make rural postal deliveries easier.… twitter.com/i/web/status/1…

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X