Professional Documents
Culture Documents
Out
Out
by
Joseph J. Fugelsang
Utica College
August 2019
ProQuest 22621544
Published by ProQuest LLC (2019 ). Copyright of the Dissertation is held by the Author.
All rights reserved.
This work is protected against unauthorized copying under Title 17, United States Code
Microform Edition © ProQuest LLC.
ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
© Copyright 2019 by Joseph J. Fugelsang
ii
ABSTRACT
The purpose of this Capstone Project was to examine existing and potential applications for
Research particularly focused on applications for cybersecurity and data privacy purposes. The
existing methods of cybersecurity and data privacy. The literature review outlined several
sectors and specific organizations who have piloted blockchain programs or are currently
revealed that blockchain has many promising applications for cybersecurity and data protection.
The project highlighted blockchain’s benefit to Internet of Things, Supply Chain, Government,
Aerospace, Defense, and Healthcare. Research determined that, despite blockchain’s many
promising cybersecurity applications, several risks and barriers have prevented mainstream
adoption. The project concluded that blockchain offers a perfectly viable alternative to
cybersecurity and data privacy. However, due to significant challenges outlined in the project,
iii
TABLE OF CONTENTS
iv
Decentralized data storage ....................................................................................... 22
Transparency ........................................................................................................... 23
Data integrity, auditability, and immutability........................................................... 23
Anonymity and privacy ........................................................................................... 23
Theme 3: Blockchain Adoption Has Not Entered the Mainstream ....................................... 24
RQ3: What are the risks or barriers to adapting these technologies for cybersecurity? ... 24
Standardization........................................................................................................ 24
Drawbacks to decentralization ................................................................................. 25
Key management ..................................................................................................... 25
Overhead and scalability ......................................................................................... 25
Resistance to change ............................................................................................... 26
Government regulation ............................................................................................ 26
Comparison of the Findings ................................................................................................ 26
Limitations of the Study ...................................................................................................... 27
CONCLUSION ........................................................................................................................ 29
REFERENCES ......................................................................................................................... 32
v
LIST OF ILLUSTRATIVE MATERIALS
vi
STATEMENT OF THE PROBLEM
technologies that digitally enhance critical operations, cyberattacks grow in complexity and
magnitude (Bissell & Ponemon, 2018). In 2018, security breaches increased 11% in public-
sector and private-sector organizations, averaging 145 breaches (Bissell & Ponemon, 2018), and
the average cost of cybercrime increased 12%, averaging $13 million (Bissell & Ponemon,
2018). Cybercriminals continue to target data (Bissell & Ponemon, 2018) through intellectual
property theft, economic espionage, cyber fraud, or insider threat, and the loss, destruction, or
manipulation of sensitive data can seriously damage individuals, businesses, and government
agencies and institutions (Bissell & Ponemon, 2018). Business organizations and government
agencies must therefore adopt more modern, innovative methods of protection for their most
critical data assets. This Capstone Project proposes Distributed Ledger Technology (DLT)
DLT, also known as blockchain, first appeared as the underlying technology behind
Satoshi Nakamoto’s Bitcoin Electronic Cash System (Crosby, Pattanayak, Verma, &
Kalyanaraman, 2016). Bitcoin is a peer-to-peer currency system that bypasses the need for
between parties (Nakamoto, 2008). Blockchain ensures that all transactions are timestamped,
encrypted, and recorded to tamper-proof ledgers that share and distribute themselves across
Since blockchain and DLT are widely publicized for their cryptocurrency applications,
discussion of their potential for cybersecurity and data protection applications is underway.
1
However, the problem is that existing literature does not cite these applications as a viable
alternative to current anti-cyberattack defense systems, so companies are yet to fully embrace
blockchain and DLT for cybersecurity (Kshetri, 2017). Promising cybersecurity applications do
exist, but continued research into blockchain’s benefits for various industries is necessary
(Koehler, 2017). The purpose of this study is to present opportunities to use DLT and
blockchain-based applications for cybersecurity and data protection across various industries.
Research Questions
To fully address the research problem of whether blockchain technology offers a practical
alternative to conventional cybersecurity practices, this Capstone Project attempted to answer the
3. What are the risks or barriers to adapting these technologies for cybersecurity?
Through thorough examination of the research questions outlined above, this project
revealed current and/or proposed blockchain technologies, as well as their potential applications
within a cybersecurity context. Secondly, the research questions helped to uncover the
privacy. Lastly, the research questions helped to disclose why blockchain technology is not
Today’s centralized Internet promotes free flow of data over a network of central servers
(Primas, 2018). As a result, sensitive data are vulnerable to attack as one or more single points
2
of entry store critical information (Woodside, Augustine, & Giberson, 2017). When a user
performs a data transaction via the centralized Internet, that user relinquishes control of personal
information to technology corporations that profit from exploitation of personal data (Primas,
2018). Users’ trust in data-storing tech companies or centralized authorities does not protect
sensitive information from cybercriminals who target central data repositories (Arnold, 2019).
One reason for this is an organization’s cybersecurity function is largely centralized, and
the organization informs few employees of security updates or new policies and processes,
resulting in lack of individual accountability for personal data. Meanwhile, insider threat
network intrusion or hacking attacks (Bissell & Ponemon, 2018). Centralization thus leaves too
much room for human error, so decentralization removes the human element from the equation,
cybersecurity function by nearly eradicating the risks associated with a single point of entry.
Decentralization enables data storage across multiple layers and servers on many computers
multiple entry points, making less data available to malicious actors at a single location (Primas,
2018).
peer-to-peer network of connected computers (Workie & Jain, 2017). DLT encrypts data across
the network, limiting an individual’s ability to read or write information (Workie & Jain, 2017).
DLT also eliminates the need for a third-party central administrating authority by recording a
history, or ledger, of information accessible to any peer in the network (Back, 2019).
3
Blockchain may be the most notable DLT, from its association with Bitcoin and other
cryptocurrencies (Woodside et al., 2017). Blockchain technology emerged in 2008 when Satoshi
Nakamoto wrote about it in a whitepaper, and by 2009 Nakamoto had introduced Bitcoin, the
first application of blockchain technology (Woodside et al., 2017). Blockchain advocates insist
that blockchain is inherently secure and provides privacy protection and solutions to many
problems related to cybersecurity (Kshetri, 2017). Blockchain eliminates data passage through a
third party by storing records of information across several computers or nodes. Thus, a breach
to a single node poses little threat, since blockchain data replicates itself and repeatedly backs
itself up. So successful compromise of a blockchain system requires hacking of greater than
applications have not been adopted at mass scale (Kshetri, 2017). Existing research does not
indicate whether DLT and blockchain-based applications provide a better alternative to current
data protection and cyberattack defense systems due to the nascent state of the application
technologies (Kshetri, 2017). DLT and blockchain applications have enormous potential for
cybersecurity and data privacy purposes (Arnold, 2019). However, the mainstream has yet to
embrace existing application developments and proposals (Arnold, 2019). In fact, most
blockchain-based projects rarely move beyond the pilot program stage (Morkunas, Paschen &
Boon, 2019).
given the limited number of use cases available for evaluation. This capstone project examines
4
existing use cases, as well as DLT and blockchain technologies’ assets and liabilities. In
addition, based on current and proposed applications, this project recommends future adaptation
The Audience
By identifying and presenting opportunities to adopt DLT and blockchain applications for
cybersecurity and data protection across various industries, this research would most benefit
Specifically, the research below targets corporate and government leaders who wish to develop
alternative approaches to data protection and cybersecurity. The research presented in this
Capstone Project demonstrated that only a select group of agencies and organizations have fully
embraced blockchain solutions for cybersecurity. As a result, those looking to explore the
potential benefits of blockchain for cybersecurity may wish to look toward the innovators and
Prospective adopters will discover that the research presented in this project highlights
blockchain’s ability to bolster cybersecurity and data protection. Additionally, early innovators
will gain further insight into other preexisting blockchain applications for cybersecurity.
Ultimately, the following report targets all individuals with a general interest in blockchain and
DLT, as well as business and government researchers and developers seeking to incorporate
5
LITERATURE REVIEW
Introduction
The objective of the literature review was to address the problem or gap that existing
literature has failed to determine whether blockchain applications provide a viable alternative to
the current system of defending against cyberattacks. In order provide clearer insight into the
problem, the literature review addressed three research questions to determine existing
utilization of such technologies, and the potential risks and/or barriers preventing mainstream
adoption. First, the literature review discussed in detail the history and overview of blockchain
technology and its cyber-specific benefits. Second, the literature review highlighted various
industries and sectors that have implemented, or are currently implementing blockchain
technology for data privacy, data integrity, and cybersecurity. The third and final research
question examined the particular use cases and applications outlined in the literature review and
On October 31, 2008, an anonymous author, under the pseudonym Satoshi Nakamoto,
published a paper titled “Bitcoin: A Peer-to-Peer Electronic Cash System” (Crosby et al., 2016).
The paper outlined Nakamoto’s vision for an inter-peer network-based online payment system
through which multiple parties could transfer electronic funds privately with no third party or
financial institution (Nakamoto, 2008). Before Bitcoin, all monetary transactions required an
intermediary (Ammous, 2019). Bitcoin’s proposed network of peers assigned hashes, or digital
(Nakamoto, 2008). Bitcoin transactions record anonymized, encrypted, linear blocks that chain
6
together, hence the term blockchain for distributed ledger technology (Hughes, Park, Kietzmann
& Archer-Brown, 2019). Bitcoin outlined the first use case for blockchain.
Despite blockchain’s anonymous nature, each transaction, or block, must pass a proof-of-
work system built on both trust and distributed consensus (Crosby et al., 2016) to ensure the
block’s validity (Ammous, 2019) and imperviousness to manipulation (Hughes et al., 2019).
Since each block must be proven or validated, new blocks cannot exist without prior verification
(Hughes et al., 2019). In the Bitcoin model, each peer in the network must record every
transaction so peers can publicly view transaction headers. With access to transaction headers or
wallet information, a.k.a. hashes, peers may contest transactions (Hughes et al., 2019). As new
transactions occur, new blocks store in the chain. Through the proof-of-work system, miners, or
transaction verifiers, may add new blocks to the chain only by solving cryptographic puzzles or
mathematical equations (Hughes et al., 2019). As new blocks appear, each block receives a
Figure 1 below illustrates how a blockchain transaction works. In step one, a peer or
node initiates a request for data from another peer or node. The transaction records to a data
block and every peer or node in the network receives a copy. As peers receive a copy of the
transaction block, they must provide proof-of-work that the transaction is valid. Once validated,
the transaction block adds itself to the existing blockchain, completing the transaction (“How
7
Figure 1. Illustration of how a blockchain transaction works. From How Blockchain
Architecture Works? Basic Understanding of Blockchain and its Architecture. (2018, July 10).
Retrieved from https://www.zignuts.com/blogs/how-blockchain-architecture-works-basic-
understanding-of-blockchain-and-its-architecture/
Although Nakamoto never used the term blockchain in his whitepaper, Bitcoin’s
technical features, including those described above, have since been used outside of the realm of
digital currencies based on the “realization that the underlying technology that operated bitcoin
could be separated from the currency and used for all kinds of other interorganizational
cooperation” (Gupta, 2017, p. 4). Blockchain proponents praise its technology for its digital
consensus model and promotion of anonymity, claiming it enables encrypted digital fingerprint
verification of any transaction linking any digital asset to multiple parties at any point in time
and business sectors, e.g., entrepreneurship, government, digital rights management, supply
chain management, energy, healthcare (Hughes et al., 2019). Industries such as these use
blockchain applications to establish smart contracts, secure medical records and devices, and
8
safely document property deeds (Shackelford & Myers, 2017). Such uses offer privacy
protection, theft deterrence, error or data manipulation reduction, and elimination of third-party
intermediation (Hughes et al., 2019). While the above applications warrant additional research,
the following literature review focuses on the many applications of blockchain technology to
cybersecurity.
The Internet of Things (IoT) is growing in mainstream acceptance (Khan & Salah, 2018).
Qian, Jiang, Chen, Zhang, Song & Zhou (2018) predict that, by 2020, more than 50 billion IoT
devices will connect over a vast network of smart environments for personal, business, and
government use. The IoT incorporates mechanisms and environments such as smart homes,
smart cars, smart cities, medical devices, and industrial control systems.
IoT security has serious risks and vulnerabilities, however (Qian et al., 2018), because its
technology is relatively new and largely misunderstood. Additionally, IoT systems frequently
market too quickly (Minoli & Occhiogrosso, 2018), thus disregarding IoT security issues.
Integrating blockchain into IoT can mitigate many of these risks (Minoli & Occhiogrosso, 2018),
in part by ensuring security, reliability and verifiability of IoT information. Furthermore, experts
believe that blockchain might improve IoT’s reliability, privacy, and scalability (Reyna, Martin,
Dyn DDoS and Mirai Botnet. In 2016, Dyn, Inc., a Domain Name System (DNS)
services and web application security company, received multiple distributed denial-of-service
(DDoS) attacks associated with the Mirai malware (Kshetri, 2017). Mirai malware built botnets
9
out of compromised Internet-connected IoT devices (Kshetri, 2017). Mirai exploited those
devices with default authentication credentials unchanged from manufacturer settings (Lewis,
2017). Events associated with the Mirai Botnet highlight a major security downfall related to
IoT devices. Since they depend on a centralized cloud, or single point of entry, a single
compromised device allows attackers to access multiple devices or an entire network of devices.
delivering superior security for devices connected to the IoT (Kshetri, 2017).
among IoT devices (Kshetri, 2017). Filament hardware lets computers, phones, and tablets
communicate safely and securely within a 10-mile radius using smart contracts that send
microtransactions (Rizzo, 2015). Filament’s leading hardware selections, Taps, are wireless
sensors that use blockchain to secure communication via unique identification and use smart
contracts to exchange values autonomously and automatically among nodes (Kshetri, 2017).
Since IoT typically depends on more vulnerable cloud services (Kshetri, 2017), Filament’s
decentralized approach to IoT greatly reduces the risk of device-tampering and ensures business
IBM. IBM is using its Watson technology to secure IoT devices (Kshetri, 2017). Watson
allows IoT devices to send transactional data to private blocks that store irreversible, tamper-
resistant ledgers (Mikell, 2018). Permissioned users can access IoT data and verify transactions,
ensuring accountability and eliminating need for centralized control (Mikell, 2018).
Supply Chain
and transfer of goods and services demands protection from cyberattacks, including tampering,
10
theft, and fraud (Hsieh & Ravich, 2017). From a national security perspective, supply chain
attacks threaten our national infrastructure and public safety (Hsieh & Ravich, 2017). From a
quality control perspective, cyberattacks on the supply chain disrupt the chain of custody,
eroding confidentiality, integrity, and availability of data (Mylrea & Gourisetti, 2018).
Blockchain certifies data integrity in the supply chain through identity verification within
the chain of custody (Mylrea & Gourisetti, 2018). Blockchain’s panacea for supply-chain
security involves the merging of all data transactions into a single, decentralized network that
supply-chain security solutions allow those with permissioned access - auditors, customers,
Walmart. While food quality may not at first appear to be a direct cybersecurity issue,
data related to food supply chains relate closely to data privacy and integrity, specifically
regarding the supply chain. Walmart integrated IBM’s Watson IoT solutions into its supply
chain management IT systems to ensure food quality, origin tracking, and waste reduction
(Hackius & Petersen, 2017). Pilot programs use a blockchain superordinate ledger to
transparently log and trace movement of food items (Hackius & Petersen, 2017). Walmart and
IBM record shipping details, store and farm origins, expiration dates, and other vital food supply
(Hackius & Petersen, 2017) in a peer-to-peer network. Use of blockchain for food supply chains
enables Walmart to verify food quality by tracing the origin of foodborne illness and reducing
11
Provenance. This startup uses public blockchains Bitcoin and Ethereum to secure the
supply chain (Allison, 2016). Provenance is now developing a blockchain-based application that
offers consumers transparency and visibility as products move across the supply chain (Kshetri,
2017). The goal is to provide the customer with a record of their product’s journey from
beginning to end (O’Brien, 2018). Additionally, Provenance seeks to ensure authorization of all
supply chain transactions, keeping them free from adversaries or malicious actors (“Blockchain:
Government
On May 11, 2017, President Donald J. Trump issued a “Presidential Executive Order on
2017). The following May, the Office of Management and Budget (OMB) released a “Federal
Cybersecurity Risk Determination Report and Action Plan” outlining alarming statistics about
the U.S. government’s ability to defend itself against cyberattacks (Daley, 2019). The report
acknowledged that most U.S. federal agencies could not detect and respond to cyber intrusion or
use effective encryption methods (Office of Management and Budget, 2018). Furthermore, 38%
governments across the globe continue to modernize, they must incorporate emerging
technologies into public service improvements while establishing and increasing trust in the
public sector (Carter & Ubacht, 2018). Blockchain can conceivably transform the way
governments operate through the reduction of corruption and the enhancement of trust (Carter &
Ubacht, 2018). Blockchain offers governments the opportunity to provide transparent services,
delivering data integrity and stifling fraud and data manipulation (Carter & Ubacht, 2018). The
12
following state and national governments are just a few of those considering wide-scale adoption
of blockchain technology.
The State of Colorado. On May 7, 2018, the Colorado State Senate passed Senate Bill
18-086, which directs State offices and agencies to consider blockchain-based solutions for
protecting government documents (Huillet, 2018). The bill cites DLT as a possible way to
reduce fraud, malicious infiltration, and falsification of data (S.B. 18-086). The City of Denver
is currently piloting a program that permits absentee voters to cast their votes through a
blockchain-based mobile application (De, 2019). Supporters believe that blockchain voting
promotes a form of transparent voting that authenticates and audits all votes and secures them
Australian dollars (AUD) to the Digital Transformation Agency (DTA) for investment in
research and development of blockchain technology for the improvement of government services
of Home Affairs (DHA) proposed merging blockchain with artificial intelligence (AI) and IoT to
secure and streamline international trade (Comben, 2018). More recently, Australia teamed with
IBM to invest $1 billion AUD into blockchain solutions for cybersecurity (Comben, 2018).
for government (Tendon, 2018). The Maltese Parliament recently approved the Malta Digital
Innovation Authority Act, the Innovative Technological Arrangement and Services Act, and the
Virtual Financial Asset Act, all of which establish an official governmental regulatory regime for
blockchain and DLT (Pace, 2018). Malta’s existing blockchain strategy includes efforts to
13
improve and secure both public services and registries, offer digital identities and e-residency
status to individuals and legal entities, and develop a system of smart governance built on smart
Estonia. Estonia, a very technologically advanced nation, offers vehicle registration, tax
and most other government services online (Kaljulaid, 2019). Due to the sensitivity of data
involved with transactions between the government and its citizens, the Estonian government
uses blockchain technology to safeguard that data (Kaljulaid, 2019). Data stored in public
On November 16, 2017, the U.S. Senate approved a $700 billion defense authorization
bill that required the Department of Defense (DoD) to research cybersecurity applications of
blockchain technology and other DLTs (Curran, 2017). The bill commanded the DoD to plan for
government agency adoption of blockchain technology for assessment of and protection against
agencies and contractors in the aerospace and defense sectors conduct research into blockchain
NASA. On January 10, 2019, the National Aeronautics and Space Administration
authentication, and privacy that uses permissioned blockchains to anonymize and secure air-
traffic control communication (Zmudzinski, 2019). The proposal came in response to the
Federal Aviation Administration’s (FAA) mandate that all aircraft accept the Automatic
Dependent Surveillance Broadcast (ADS-B) by the year 2020 (Reisman, 2019). ADS-B
14
disregards recognized threats and vulnerabilities, including denial of service (DoS) and false
Hyperledger Fabric blockchain framework, which allows air traffic controllers to conduct private
transactions via private channels (Reisman, 2019). The private channels enable the transmission
of private keys encrypted and shared with member peers, which promotes anonymity,
DARPA. The Defense Advanced Research Projects Agency (DARPA), which assisted
in the Internet’s design, is researching uses of blockchain technology to secure the defense sector
(Wong, 2016). Since much classified information surrounds critical defense data, data integrity
is crucial to national security (Hamilton, 2018). Blockchain will let DARPA detect information-
meddling or unauthorized intrusion efforts by tracking and instantly verifying the validity of
information (Hamilton, 2018). To do so, the agency teamed up with Galois to test block cipher
modes that use symmetric key block algorithms to ensure confidentiality and authentication
(Dworkin, 2017). Block cipher modes integrate blockchain with coding to create immutable
technology distributes messages between the sender to the receiver across multiple channels
within a decentralized ledger (Curran, 2017). This greatly reduces hackers’ interference with
15
Lockheed Martin and Guardtime Federal. Lockheed Martin collaborated with
Guardtime Federal to become the first U.S. defense contractor to adopt blockchain technology
for cybersecurity (PRNewswire, 2018). While specific applications are unclear, Lockheed
Martin and Guardtime Federal collaborated on Cyber Aware Systems Engineering, which
partially used blockchain to improve data integrity and reduce cyber risk (PRNewswire, 2018).
The two companies seek to use blockchain to ensure that malicious actors do not interfere with
Healthcare
share and store patients’ personally identifiable information (PII) and sensitive medical records
(McGhin, Choo, Liu & He, 2019). PII and medical data must be protected under the Health
Insurance Portability and Accountability Act (HIPAA) (McGhin et al., 2019). As a result, the
healthcare industry requires medical data to be secure, authenticated, interoperable, and mobile
(McGhin et al., 2019). Naturally, careless sharing of medical records can adversely affect the
confidentiality, integrity, and availability of data (McGhin et al., 2019). Blockchain solutions
offer the healthcare industry both decentralized storage and authentication through applications
that use smart contracts and deliver identity management, verification, and fraud detection
centralized healthcare data-sharing (McGhin et al., 2019). They created a shared network
decentralized, real-time, and transparent medical data (McGhin et al., 2019). All healthcare
professionals in the network may access the same accurate, up-to-date information (McGhin et
16
al., 2019). A streamlined, peer-to-peer approach to patient data-sharing greatly reduces risks
associated with inaccurate medical information and provider negligence (McGhin et al. 2019).
OmniPHR. Like the Gem Health Network, Roehrs, da Costa, & Righi (2017) developed
access to patient healthcare records across various healthcare providers (McGhan et al., 2019).
OmniPHR uses blockchain technology to hierarchically store and encrypt personal health records
across distributed blocks of chained data, verifying user identities through defined roles and
responsibilities. The hierarchical organization of data blocks allows for data interoperability
across multiple users and platforms in a peer-to-peer network (McGhin et al., 2019).
Medrec. Medrec also uses blockchain for decentralized management and storage of
electronic medical records. Here, blockchain assigns data ownership and permissioned access to
members of a peer-to-peer network, while Ethereum-based smart contracts allow for automation
and tracking of all data transactions, including viewer permission changes, new medical record
additions, and data and record sharing authorization. The Medrec model permits both providers
and patients to safely share data, eliminating the single point of entry or failure (McGhan et al.,
2019).
17
DISCUSSION OF FINDINGS
Major Findings
This capstone project identified and presented DLT and blockchain-based applications
for cybersecurity and data protection. Through analysis of various organizations and use cases,
the literature review showed whether current or proposed blockchain applications provide a
viable alternative to the conventional system of defense against cyberattacks. To address this
3. What are the risks or barriers to adapting these technologies for cybersecurity?
state and federal legislation, and digital news articles pertaining to cybersecurity and blockchain
technology. Most scholarly works referenced in this project were highly technical, primarily
focusing on blockchain relative to cryptocurrency. Those referenced works that did focus on
blockchain for cybersecurity generally cited individual applications, use cases, and industries.
As such, the literature review attempted to curate information from various detailed sources to
give the reader a broader, more global understanding of blockchain for cybersecurity.
The literature review presented various themes relating to the research questions: (1)
what blockchain and DLT are and how their decentralized and distributed design presents
promising applications for the cybersecurity industry; (2) blockchain’s specific benefits for
cybersecurity and various organizations’ adaptation of the technology to achieve various ends;
and (3) that only a handful of organizations are early adopters of blockchain for cybersecurity,
which indicates that blockchain has not yet entered the mainstream.
18
Theme 1: Blockchain and DLT Present Promising Applications for Cybersecurity
RQ1: What are the potential applications of blockchain and DLT in cybersecurity?
financial services, the literature review uncovered sectors and use cases of blockchain
technology for non-currency cybersecurity applications. The above research suggested that,
among industries now using or testing blockchain cybersecurity solutions, IoT security, supply
significantly (Kshetri, 2017). While these industries are not alone in their research and
development into blockchain’s cybersecurity potential, they are leading the advancement of a
IoT Security
The IoT has expanded for personal use in the home and continues to be common in
military and healthcare applications (Taylor et al., 2019). Blockchain IoT applications provide
access control that prevents malicious activity, device identification, and authentication (Taylor
et al., 2019). More importantly, blockchain for IoT secures the transfer of data among IoT
applications for secure communication among connected IoT devices, as well as individuals.
DARPA developed and tested blockchain messaging applications to prevent interception and
communications. Filament applied blockchain’s encryption and smart contract capabilities to the
19
Data Sharing and Storage
Distributed ledgers eliminate the single point of entry or failure, decreasing the
applications allow for safe, secure data storage. If data receive cryptographic hashes, data
transactions are verified and protected from unauthorized access (Taylor et al., 2019).
Blockchain encryption ensures that peers can fully control their data and track their movement
(Taylor et al., 2019). The literature review reveals the usefulness of data storage and sharing
applications for voting and government services, medical records, and supply chains.
Voting and government services. The State of Colorado and the City of Denver
demonstrate potential and existing blockchain applications for digitally protecting government
documents and securing the voting process (De, 2019). Australia, Malta, and Estonia have
integrated blockchain security into many government services to secure transactions between
governments and citizens. Finally, the use cases in government outlined the potential for
blockchain applications to apply smart contracts to government services and to assign unique
Medical records. Companies such as OmniPHR, Medrec, and the Gem Health Network
demonstrated blockchain’s capacity to secure medical data and PII. A decentralized approach to
medical data sharing can assure patients and healthcare professionals that data remain private
and tamper-proof (McGhin et al., 2019). Nearly all blockchain applications within the healthcare
industry promote data security and integrity regarding medical records and patient personal data.
Supply chain. As we learned from the use cases involving blockchain for such supply
blockchain in the supply chain is provision of transparency and protection against data-
20
tampering. Walmart’s piloted blockchain applications allows for the tracking of the transfer of
data related to goods and services. This not only ensures quality, but also reduces potential for
RQ2: How will wider adoption of these technologies affect cybersecurity industries?
The literature review outlined blockchain applications and use cases that presented promising
solutions for the cybersecurity industry. Development across various sectors showed
blockchain’s unlimited potential to provide data protection and security in diverse areas. The
above research specifically exhibited blockchain’s capacity to provide organizations with data
integrity, fraud detection and prevention, scalability, traceability, and privacy protection.
Cyber threat mitigation. From a global threat mitigation perspective, research showed
that blockchain technology brings protection from cyberattacks associated with a single point of
entry. For example, the traditional, centralized architecture of cloud-based IoT systems gives
malicious actors a single point of entry, or a single point of failure, into multiple connected
exploit vulnerabilities and launch DDoS attacks at a mass scale (Qian et al., 2018). The
literature review explored the Mirai Botnet, which exploited compromised IoT devices to launch
massive DDoS campaigns. Blockchain’s decentralized approach records and stores data as
unique, individual transactions that are encrypted, replicated, and shared among peers rather than
managed by a central authority. This eliminates the single point of failure associated with many
21
Identity management: Verification, validation, authentication. Mainstream adoption of
blockchain technology can help the cybersecurity industry to verify, validate, and authenticate
users and user data. Rather than centralized reliance on a singular monitor or external authority,
allows anyone to monitor and verify transactions (Shackelford, 2018). Blockchain’s ability to
assign unique hashes to all transactions lets peers compare hashes, thus reducing the chance of
fraudulent activity (Mire, 2019). Verification suits not only identities and transactions but also
software downloads and updates, which occasionally contain malware (Mire, 2019). Blockchain
verification lets users compare hashes with developer hashes to validate that no malware is
present (Mire, 2019). These key features appeared in nearly all use cases in the literature review.
Supply chains, healthcare, IoT, government, aerospace and defense can all greatly benefit from
particularly within healthcare and government. In both sectors, where sensitive personal data are
highly valuable to hackers and fraudsters, blockchain provides the encryption and authentication
capabilities necessary to protect personal information. Through private keys and permissioned
access, organizations can protect the valuable data they must keep safe (Maull et al., 2017).
Decentralized data storage. Billions of individuals share and store their personal data
online. Nevertheless, centralized cloud solutions are often vulnerable to cyberattacks and
privacy violations when a third-party central authority controls the data (Crosby et al., 2016). If
malicious actors gain access to that central authority, malicious actors can compromise personal
data. Decentralized data storage enables the cybersecurity industry to distribute and encrypt
data, manage access to them, and prevent unauthorized intrusion into them.
22
Transparency. The public sector, as we have seen in Colorado, Australia, Estonia, Malta
strength. The use of blockchain technology to secure public service transactions means that
immutable data blocks are recorded, stored, and accessible to stakeholders (Carter & Ubacht,
2018). Additionally, every blockchain transaction can be traced back to the initiator of the
transaction (Reyna et al., 2018). This not only protects private data from wrongful intrusion and
manipulation, but also helps to eradicate corruption and fraud at the governmental level, vastly
sealing, and time-stamping preserve data transaction validity. Data recorded into the blockchain
chronological storing and hashing, which allow easy auditing and tracking of transactions (Carter
& Ubacht, 2018). This is particularly useful in government services and supply chains, where
anonymity and privacy with positive implications remain for the cybersecurity industry. In a
(Carter & Ubacht, 2018). Anonymity is particularly useful in aerospace, military, and defense
blockchain applications, such as MedRec, greatly aid data-sharing and data privacy over a
23
Theme 3: Blockchain Adoption Has Not Entered the Mainstream
RQ3: What are the risks or barriers to adapting these technologies for
cybersecurity? As the literature review illustrated, although several sectors and select
solutions will not enter the mainstream for a long time. Despite their many positive attributes for
cybersecurity, challenges, risks, and limitations to wide-scale adoption endure (Crosby et al.,
2016), including high overhead costs, lack of standardization, data and privacy leakage, and
inefficient key management (McGhin et al., 2019). Moreover, mainstream blockchain adoption
2016). The adoption of new innovations occurs at varying rates, “from early innovators to late
laggards” (Woodside et al., 2017, p. 68). The use cases and applications outlined in this paper
exhibited many of the early innovators of blockchain for cybersecurity. Potentially late adopters,
however, will more likely balk at the following risks and barriers to mainstream adoption.
continue to develop new and groundbreaking applications, a standard set of practices will not
likely emerge (McGhin et al., 2019). Lack of standardization foils mainstream adoption,
requiring potential blockchain adopters for cybersecurity to explore new territories and develop
their own unique standards of practices (McGhin et al., 2019). Until technological practice
24
Drawbacks to decentralization. Though one of blockchain’s most valued attributes,
decentralization has its flaws. A major risk to decentralized data storage is the possibility of data
loss or leakage (McGhin et al., 2019). Within healthcare in particular, highly sensitive data may
leak in a blockchain system, since users retrieve data from public, distributed ledgers (McGhin et
al., 2019). Although users must authenticate, verify identity, and decrypt data, decentralized
storage risks the transmission of the wrong information into the wrong hands (McGhin et al.,
2019).
Key management. Blockchain solutions necessitate private and public key encryption for
sharing and access control (McGhin, 2019). Applying public and private keys to blockchain
solutions is challenging, however. As McGhin et al. (2019) suggests, a single key for all blocks
creates a single point of entry, which negates any benefit of blockchain’s distributed nature. Yet
a single key for each block is impractical from a cost/benefit perspective, as storing and
recovering large numbers of keys requires ample time and resources (McGhin, 2019).
Overhead and scalability. On a related note, overhead cost and scalability is a major
challenge to widespread blockchain adoption. The literature review demonstrated that mostly
major corporations and governments are testing for blockchain cybersecurity solutions, likely
due to the extremely high overhead cost associated with bandwidth and other computational
requirements (McGhin, 2019). IoT devices are limited in their computational and processing
capabilities, so applying blockchain solutions to IoT security can drastically affect device
performance (McGhin, 2019). Until we address the issues of overhead and scalability,
blockchain for IoT requires considerable time and resources, which may not work for smaller
organizations. Also, adoption of blockchain or any new technology requires bootstrapping or the
25
migration and transfer of resources to a new technology, which may be costly and time-
Resistance to change. Blockchain, like any new technology, will always have
innovators, early adopters, early and late majorities, and laggards (Woodside et al., 2017). As
blockchain solutions multiply, many will doubt its effectiveness. To accept and adopt any new
technology requires openness and willingness to change (Crosby et al., 2016). As more
organizations appropriate blockchain solutions, attitudes toward mainstream adoption will likely
change.
government agencies will likely introduce laws and legislation to oversee and police the use of
the technology. While it may initially slow the growth of blockchain, government regulation
may in fact promote long-term trust in it (Crosby et al., 2016). Likewise, use of unregulated
cryptocurrency applications, as well as the financial services sector. Although research into
blockchain’s cybersecurity applications does exist, much of the referenced material in the
organizations, or sectors. Additionally, much of the research into blockchain technologies was
highly technical, primarily focusing on blockchain architecture and capability. Few referenced
materials revealed the specific applications of blockchain for cybersecurity across various
26
industries and sectors. In contrast, the research for this capstone project largely focuses on the
The primary limitation of this study pertains to blockchain’s immaturity as a solution for
cybersecurity and data privacy. Most use cases in the literature review were merely proposals,
pilot programs, or applications in infancy development stages. Thus, many of the proposed
benefits of blockchain for cybersecurity are largely speculative, and their real-world implications
will remain unclear until early adopters conduct further research and development. On a related
note, organizations adopting blockchain technology may be less than willing to provide
transparency into their cybersecurity strategy, for fear both attackers and competition will gain
an unfair advantage.
A secondary limitation to this study involved the industries, organizations, and sectors
not included in the literature review. Additional literature suggests that blockchain solutions can
profoundly affect data privacy relating to a variety of other industries and applications, including
real estate, intellectual property, intelligent transportation systems, aviation, smart homes, smart
property, money lending, asset management, and notary public. The scope of the research
presented in this Capstone Project did not include applications and use cases related to all
industries and sectors. However, future research could explore blockchain and DLT’s potential
impact on cybersecurity and data privacy relating the other industries, sectors, and applications
Lastly, insight into the specific use cases outlined in this project was somewhat limited.
While a majority of the projects and proposals outlined in the literature review came from
scholarly sources, in some cases, information on the specifics of blockchain projects was lacking.
27
This can be justified as organizations must keep their own best interests at the forefront of
28
CONCLUSION
The purpose of this Capstone Project was to examine blockchain technology’s existing
and potential applications for cybersecurity across various industries and sectors, from private
corporations, to government agencies and beyond. More importantly, the goal of this project
issues related to cybersecurity. The project mainly focused on the budding technology’s
promising applications for the prevention of data tampering, data theft, and various other
cyberattacks. Through careful analysis of specific cybersecurity blockchain applications and use
cases, this Capstone Project determined, while blockchain technology does provide a viable
alternative to the conventional system of defending against cyberattacks, blockchain has not
The literature review revealed that, despite its initial application as the technology behind
cryptocurrencies, blockchain technology does in fact offer practical cybersecurity and data
protection applications. Research indicated that such practical applications are most evident
within the fields of IoT, Supply Chain, Government, Healthcare, Military, Aerospace, and
Defense. These industries have proven, through pilot programs and both independent and
government sponsored research and development, that blockchain can be a powerful tool in
preventing foreign intrusion into private networks that house highly sensitive data through
technology that present some of the most positive implications for the cybersecurity industry.
data, and mitigating cyber threats associated with centralization. Additionally, blockchain
29
provides verification, validation, and authentication, ensuring both user and data integrity and
preventing data theft and/or tampering. Lastly, the proof-of-work system and distributed
application use cases, the discussion of findings uncovered several risks and barriers to
mainstream adoption. Risks and barriers included a lack of standardization, difficult key
management, high overhead costs, overwhelming bandwidth requirements, the human tendency
to resist change, and a lack of government regulation. Perhaps these barriers reveal why the
most notable early innovators and adopters of blockchain technology for cybersecurity have been
major corporations and government entities that possess the capital and willingness to do so.
At the time of this writing, as more organization continue to explore blockchain solutions
for cybersecurity, it will likely remain a solution only for those willing to take on the risks and
overcome the barriers to entry. Each individual use case presented in this Capstone Project
represents an innovator or an early adopter. Innovators are typically far more adventurous,
technologically savvy, and more willing to fail due to “significant financial backing” (Woodside
et al., 2017, p. 68). Similarly, early adopters are more willing to overlook many of the risks
associated with adopting new technologies (Woodside et al., 2017). Currently, most
organizations would likely fall into the category of laggards when it comes to mainstream
does in fact present a viable alternative to conventional cybersecurity practices. However, due to
the many challenges and risks that stand in the way of mainstream adoption, it is unlikely
30
blockchain will emerge from its infancy for some time. Until mainstream adoption, blockchain’s
features can be utilized by those willing to strengthen systems and protect them from cyber
threats at all costs (Rawat et al., 2019). For those innovators and early adopters, such as the ones
outlined in this project, blockchain technology will remain one of many potent tools to
incorporate into an organization’s cybersecurity arsenal. That said, while blockchain is not a
perfect cybersecurity solution, those organizations that utilize the technology can rest assured
that data is significantly more secure from theft, fraud, tampering, or manipulation.
31
REFERENCES
Allison, I. (2016, January 13). Provenance has a big year ahead delivering supply chain
transparency with Bitcoin and Ethereum. International Business Times. Retrieved from
https://www.ibtimes.co.uk/provenance-has-big-year-ahead-delivering-supply-chain-
transparency-bitcoin-ethereum-1537237
Ammous, S. (2019). Blockchain technology: What is it good for? Banking & Finance Law
Review, 34(2), 239-251. Retrieved from
https://search.proquest.com/docview/2207838734?accountid=28902
Arnold, A. (2019, January 02). Here’s why more enterprises are considering blockchain as data
privacy solution. Forbes. Retrieved from
https://www.forbes.com/sites/andrewarnold/2019/01/02/heres-why-more-enterprises-are-
considering-blockchain-as-data-privacy-solution/#70891e7bcb73
Australian Government, Digital Transformation Agency. (2018, May 08). Budget 2018–19 for
the DTA. Retrieved from https://www.dta.gov.au/news/budget-2018-19-dta
Back, A. (2019, February 25). Difference between blockchain & distributed ledger technology?
The Blockchain Review. Retrieved from https://medium.com/blockchain-review/whats-
the-difference-between-blockchain-distributed-ledger-technology-19407f2c2216
Comben, C. (2018, August 14). 5 signs that blockchain innovation is booming in Australia.
Coin Central. Retrieved from https://coincentral.com/blockchain-innovation-in-australia/
Crosby, M., Pattanayak, P., Verma, S., & Kalyanaraman, V. (2016). Blockchain technology:
Beyond bitcoin. Applied Innovation, 2(6-10), 71.
Curran, J. (2017, November 20). Congress wants DoD to spill on plans for blockchain security.
MeriTalk. Retrieved from https://www.meritalk.com/articles/congress-wants-dod-to-
spill-on-plans-for-blockchain-security/
32
Daley, S. (2019, March 16). Wallets, hospitals and the Chinese military: 19 examples of
blockchain cybersecurity at work. Built In. Retrieved from
https://builtin.com/blockchain/blockchain-cybersecurity-uses
De, N. (2019, March 07). City of Denver to Pilot blockchain Voting App in Coming Elections.
Retrieved from https://www.coindesk.com/city-of-denver-to-pilot-blockchain-voting-
app-in-coming-elections
Dworkin, M. (2017, January 4). Block cipher techniques: Block cipher modes. (2017, January
4). Computer Security Resource Center, National Institute of Standards and Technology.
Retrieved from https://csrc.nist.gov/projects/block-cipher-techniques/bcm
Gupta, V. (2017). A brief history of blockchain. Harvard Business Review, 28. Retrieved from
https://hbr.org/2017/02/a-brief-history-of-blockchain
Hackius, N., & Petersen, M. (2017). Blockchain in logistics and supply chain: trick or treat?
In Proceedings of the Hamburg International Conference of Logistics (HICL) (pp. 3-18).
epubli.
Hamilton, D. (2018, October 02). DARPA blockchain programs. Coin Central. Retrieved
from https://coincentral.com/darpa-blockchain-programs/
How blockchain architecture works? Basic Understanding of Blockchain and its Architecture.
(2018, July 10). Retrieved from https://www.zignuts.com/blogs/how-blockchain-
architecture-works-basic-understanding-of-blockchain-and-its-architecture/
Hughes, A., Park, A., Kietzmann, J., & Archer-Brown, C. (2019). Beyond bitcoin: What
blockchain and distributed ledger technologies mean for firms. Business Horizons, 62(3),
273-281. doi:10.1016/j.bushor.2019.01.002
Huillet, M. (2018, May 08). Colorado passes bill advocating blockchain for gov’t data
protection and cyber security. CoinTelegraph, the Future of Money. Retrieved from
https://cointelegraph.com/news/colorado-passes-bill-advocating-blockchain-for-govt-
data-protection-and-cyber-security
Hsieh, M., & Ravich, S. (2017). Leveraging blockchain technology to protect the national
security industrial base from supply chain attacks. Research memo, Foundation for
Defense of Democracies.
Khan, M., & Salah, K. (2018). IoT security: Review, blockchain solutions, and open challenges.
Future Generation Computer Systems, 82, 395-411. doi:10.1016/j.future.2017.11.022
33
Kshetri, N. (2017). Blockchain’s roles in strengthening cybersecurity and protecting privacy.
Telecommunications Policy, 41(10), 1027-1038. doi:10.1016/j.telpol.2017.09.003
Kshetri, N. (2017). Can blockchain strengthen the Internet of things? IT professional, 19(4), 68-
72. doi:10.1109/MITP.2017.3051335
Lewis, D. (2017, October 23). The DDoS attack against Dyn one year later. Forbes. Retrieved
from https://www.forbes.com/sites/davelewis/2017/10/23/the-ddos-attack-against-dyn-
one-year-later/#2dd890731ae9
Maull, R., Godsiff, P., Mulligan, C., Brown, A., & Kewell, B. (2017). Distributed ledger
technology: Applications and implications. Strategic Change, 26(5), 481-489.
McGhin, T., Choo, K., Liu, C., & He, D. (2019). Blockchain in healthcare applications:
Research challenges and opportunities. Journal of Network and Computer
Applications, 135, 62-75. doi:10.1016/j.jnca.2019.02.027
Mikell, M. (2018, June 12). S.A.V.E. from IoT: Trust and tracking from a new IoT Blockchain
Service. IBM Internet of Things Blog. Retrieved from
https://www.ibm.com/blogs/internet-of-things/iot-new-blockchain-service/
Minoli, D., & Occhiogrosso, B. (2018). Blockchain mechanisms for IoT security. Internet of
Things, 1-2, 1-13. doi:10.1016/j.iot.2018.05.002
Mire, S. (2019, June 18). Blockchain in cybersecurity: 10 possible use cases. Disruptor Daily.
Retrieved from https://www.disruptordaily.com/blockchain-use-cases-cyber-security/
Morkunas, V., Paschen, J., & Boon, E. (2019). How blockchain technologies impact your
business model. Business Horizons, 62(3), 295-306. doi:10.1016/j.bushor.2019.01.009
Mylrea, M., & Gourisetti, S. N. G. (2018, August). Blockchain for supply chain cybersecurity,
optimization and compliance. In 2018 Resilience Week (RWS) (pp. 70-76). IEEE.
O’Brien, C. (2018, December 09). Startup of the week: provenance. The Innovator. Retrieved
from https://innovator.news/startup-of-the-week-provenance-2396dc13f7a0
Office of Management and Budget. (2018, May). Federal Cybersecurity: Risk Determination
Report and Action Plan. Washington, DC: Executive Office of the President of the
United States. Retrieved from https://www.whitehouse.gov/
Qian, Y., Jiang, Y., Chen, J., Zhang, Y., Song, J., Zhou, M., & Pustišek, M. (2018). Towards
decentralized IoT security enhancement: A blockchain approach. Computers and
Electrical Engineering, 72, 266-273. doi:10.1016/j.compeleceng.2018.08.021
34
Pace, Y. (2018, July 04). Roads agency, blockchain regulatory framework approved by
Parliament. Malta Today. Retrieved from
https://www.maltatoday.com.mt/news/national/87998/roads_agency_blockchain_regulato
ry_framework_approved_by_parliament#.Wz81W9IzZ0x
Patel, C., & Doshi, N. (2019). Security challenges in IoT cyber world. In Security in Smart
Cities: Models, Applications, and Challenges, Hassanien, A. E., Elhoseny, M., Ahmed,
S. H., & Singh, A. K. (Eds.) (pp. 171-191). New York, NY: Springer.
Primas. (2018, June 13). Data privacy & decentralization. Hacker Noon. Retrieved from
https://hackernoon.com/data-privacy-decentralization-2f894c5d9a25
PRNewswire. (2018, July 09). Lockheed Martin partners with Guardtime Federal for innovative
cyber technology. Lockheed Martin. Retrieved from
https://news.lockheedmartin.com/2018-07-09-Lockheed-Martin-Partners-with-
Guardtime-Federal-for-Innovative-Cyber-Technology
Rawat, D. B., Chaudhary, V., & Doku, R. (2019). Blockchain: Emerging Applications and Use
Cases. arXiv preprint arXiv:1904.12247.
Reyna, A., Martín, C., Chen, J., Soler, E., & Díaz, M. (2018). On blockchain and its integration
with IoT challenges and opportunities. Future Generation Computer Systems, 88, 173-
190. doi:10.1016/j.future.2018.05.046
Rizzo, P. (2015, August 19). Filament nets $5 million for blockchain-based Internet of Things
hardware. CoinDesk. Retrieved from https://www.coindesk.com/filament-nets-5-
million-for-blockchain-based-Internet-of-things-hardware
Roehrs, A., da Costa, C. A., & Righi, R. D. R. (2017). OmniPHR: A distributed architecture
model to integrate personal health records. Journal of Biomedical Informatics, 71, 70-81.
doi:10.1016/j.jbi.2017.05.012
Shackelford, S. J., & Myers, S. (2017). Block-by-block: Leveraging the power of blockchain
technology to build trust and promote cyber peace. Yale JL & Tech., 19, 334. Retrieved
from https://digitalcommons.law.yale.edu/yjolt/vol19/iss1/7/
Tendon, S. (2018, February 23). Malta’s national blockchain strategy: The big picture. Chain
Strategies. Retrieved from https://chainstrategies.com/2018/02/18/maltas-national-
blockchain-strategy-the-big-picture/
Trump, D. J. (2017, May 11). Executive order no. 13800: Strengthening the cybersecurity of
federal networks and critical infrastructure. Federal Register. Retrieved from
35
https://www.federalregister.gov/documents/2017/05/16/2017-10004/strengthening-the-
cybersecurity-of-federal-networks-and-critical-infrastructure
Wong, J. I. (2016, October 10). Even the US military is looking at blockchain technology—to
secure nuclear weapons. Quartz. Retrieved from https://qz.com/801640/darpa-
blockchain-a-blockchain-from-guardtime-is-being-verified-by-galois-under-a-
government-contract/
Wood, G., Meiklejohn, S., Buchanan, A., Brewster, C., Laughlin, H., Green, N., & Mallet, P.
(2015, November 21). Blockchain: The solution for supply chain transparency.
Provenance. Retrieved from https://www.provenance.org/whitepaper
Woodside, J. M., Augustine Jr., F. K., & Giberson, W. (2017). Blockchain technology
adoption status and strategies. Journal of International Technology and Information
Management, 26(2), 65-93.
Workie, H., & Jain, K. (2017). Distributed ledger technology: Implications of blockchain for
the securities industry. Journal of Securities Operations & Custody, 9(4), 347-355.
Zmudzinski, A. (2019, January 11). NASA publishes proposal for air traffic management
blockchain based on HyperLedger. CoinTelegraph, the Future of Money. Retrieved
from https://cointelegraph.com/news/nasa-publishes-proposal-for-air-traffic-
management-blockchain-based-on-hyperledger
36