Agencies approach blockchain with caution
- By Sara Friedman
As agencies search for technology solutions to improve authentication, testing biometrics and federated identity, some have suggested that blockchain, the much-discussed distributed ledger technology, might play a role.
Blockchain could be one component of the solution, according to National Institute of Standards and Technology Senior Standards Technology Advisor Paul Grassi, but it doesn’t meet all of the necessary security requirements for government-grade identity authentication.
“Most of the work being done in government today is done through a typical relational database where attributes can be protected and access controlled,” Grassi told GCN after a Dec. 13 AFCEA breakfast event on identity management.
He questioned the “utility” of agencies using a permissioned blockchain for identity management. He also expressed concerns that blockchain’s secure transactions eventually could be compromised by quantum computing -- although that risk extends to much of the encryption tools commonly used today.
“The core of blockchain is based on hashing, which will be broken down by quantum computers,” Grassi said. “It is the next frontier for computing, and it will be so powerful that it will be able to break down modern crypto algorithms.”
While Grassi continues to monitor blockchain-based solutions that can help agency mission needs, he doesn’t think that the time has come for NIST to start developing standards for the technology. Grassi said he wants to “give time for innovation to thrive” before setting up restrictions or roadblocks.
The blockchain community is working to develop solutions based on open source frameworks from Hyperledger and Ethereum for different use cases. Grassi said he sees an opportunity to work within those collaborative environments to determine if blockchain's security controls are up to government standards.
The State Department, which sees potential for blockchain to address problems with foreign aid tracking, supply chain management and arms control, is also proceeding cautiously.
State conducted a forum in October with startups and industry giants such as IBM, Booz Allen Hamilton and Microsoft to get ideas on possible applications for identity management, foreign aid, supply chain transparency, immutable records and cybersecurity.
At the Dec. 12 Dcode Demo Day, Silvana Rodriguez, partnerships advisor for the Secretary of State’s Office of Global Partnerships, spoke about the department’s initial blockchain efforts and identified challenges that have become apparent in recent months.
“One of the biggest pieces in this process is building an internal consensus,” she said. “Our champions can be in unlikely places, and we want to cast our net wide.”
The State Department has not announced any blockchain proof of concepts or pilots, and Rodriguez cautioned government and industry stakeholders to exercise “situational awareness” when having conversations about policy that could “hijack” future efforts to understand the technology.