THE

BLEEDING
EDGE

Blockchain: Love It or Hate It,

It’s Here
I have noticed that the mere mention of the word blockchain works. We can easily see the benefit of
“blockchain” elicits a myriad of responses among storing data this way. If a person or process were to
Do you have
groups of IT security professionals. I find that some go back and change even one bit of data within the
something
individuals roll their eyes, murmuring disapproving chain, it would completely change the subsequent to say about this
phrases such as, “It’s just a glorified database.” Others entries and data in the chain and could be easily article?
will go on excited tangents about how much detected and neutralized. Blockchain also creates
cryptocurrency they own, and then every reaction in the capability to quickly check the legitimacy of a Visit the Journal pages
of the ISACA® website
between. Putting aside personal beliefs, technological copy of the data by looking at the most recent hash
(www.isaca.org/journal),
prejudices, and hopes of retiring early with all the of the most recent block. The largest test case for
find the article and click
sweet cash to be made in the crypto market, this idea has been implemented with on the Comments link to
blockchain technology is here, and it is starting to be cryptocurrency in a public blockchain. share your thoughts.
taken seriously by numerous industries.
Public blockchains such as Bitcoin attempt to https://bit.ly/2SbT5Fb
Why is this seemingly simplistic and somewhat create trust in a trustless network. In other words,
untested technology beginning to take hold? It is anyone around the world with a computer can join
almost impossible to go to an information security the Bitcoin blockchain and store a full copy of the Dustin Brewer,
conference without seeing at least a few talks on current ledger on their system (which is about CSX-P, CCSP, CEH,
blockchain on the agenda. Questions such as, “How 250,000 MB in size as of the writing of this article1) CHFI 
can we use blockchain?” are starting to become and contribute to the ledger. However, the use of As ISACA’s principal
more prevalent from upper management and C- private blockchains where the entity using the futurist, he explores and
suite levels. Before we can answer that question, technology owns all the hardware being used to produces content for
let’s look at some of the basics. store, calculate and maintain the chain is beginning the ISACA® community
to take hold in several industries. on the utilization
benefits and possible
Blockchain Breakdown threats posed by
Innovations With Blockchain emerging technologies
If you have heard the term, but still do not feel like
to current infrastructure.
you quite get it, here is a quick example. Massachusetts General Hospital (USA) is teaming
He has 17 years of
up with Korean startup MediBloc to safely track and
experience in the IT field
Take some data (any data will do) and call them a distribute patient information within the hospital’s beginning with
block. Now, send that block of data through a hashing information systems.2 If every patient’s diagnoses, networks, programming
algorithm. Take the hash digest from the block and procedures, medication dosage, wait time and care and hardware
put it in the next block of data and hash that data. We provider is stored in a quickly distributed and specialization. He
have now created a blockchain (figure 1). immutable way, it may be possible to track and even excelled in
prevent mistakes. This implementation is currently cybersecurity while
Figure 1—Creating a Blockchain in its testing phase and has not been fully adopted. serving in the US
military and, later, as an
Block 0 Hash Block 1 Hash independent contractor
Blockchain is being used in supply chain as well.
Block 0 Data Block 1 Data Block 2 Data and lead developer for
Walmart Canada and DLT Labs launched a freight defense contract
Hashing Hashing
and payment network.3 This implementation of agencies, he specialized
blockchain is being used in Walmart Canada’s in computer networking
This is a bit oversimplified, and there are more production environment and keeps track of security, penetration
complex data structures and functionalities that numerous aspects of the supply chain, including testing, and training for
modern blockchains contain such as Ethereum’s shipping details and account information. The various US Department
capabilities for smart contracts. However, this is a benefit here is keeping track of assets as well as of Defense (DoD) and
commercial entities.
good place to start when trying to understand how goods and payments within a blockchain.
Brewer can be reached
at futures@isaca.org.

ISACA JOURNAL VOL 2 11

 Institute of Standards and Technology (NIST)5 and
the International Organization for Standardization
(ISO)6 in the near future.

Blockchain technology still utilizes classic computer

systems, networks and software. Some of the
software is proprietary and the hardware specific, but
we are still talking about everyday information
systems that are vulnerable to attack and
exploitation. We have only scratched the surface of
possible vulnerabilities within blockchain itself.

Blockchain also brings its own unique technical

challenges and drawbacks, such as the continuous
need for storage capacity and cryptologic
It would be remiss of me not to at least mention obsolescence, which may prove problematic over
Enjoying blockchain’s usefulness in the financial sector and the course of time for specific blockchains.
cryptocurrency. Having an immutable distributed
this article? However, problems spur innovation, and we may
ledger within a financial system has its obvious see some interesting solutions that will cross
advantages such as self-auditing and transparency. technology boundaries in 2020.
• Read Blockchain
But adding the ability to execute specific code after
Preparation Audit
a transaction with smart contracts allows the ISACA® offers a hands-on blockchain course for
Program.
automation of some of the more tedious and those interested in learning the basic cryptologic
www.isaca.org/
overwhelming tasks such as property transactions functions, data structures and configurations
blockchain-audit-
and insurance claims. And then there is Bitcoin. needed to implement blockchain technology
program
• Learn more (https://nexus.isaca.org/products/132).
The truth is, blockchain technology would not be as
about, discuss
talked about without cryptocurrency. With Bitcoin’s Endnotes
and collaborate
current market cap at US$129 billion,4 its potential 1 Liu, S.; “Size of the Bitcoin Blockchain From
on emerging
impact cannot be overlooked. Whether or not that 2010 to 2019, by Quarter,” Statista, 1 October
technology in
potential impact will be that of net gain or loss is 2019, https://www.statista.com/statistics/
ISACA’s Online
constantly in question. The volatility of the crypto 647523/worldwide-bitcoin-blockchain-size/
Forums.
market should not be ignored, and it seems like 2 Miliard, M.; “Massachusetts General Hospital
https://engage.
every time you turn around there is another initial Piloting Blockchain Projects With Korean
isaca.org/
coin offering (ICO) with promises of becoming “the Startup,” Healthcare IT News, 6 December 2018,
onlineforums
next Bitcoin.” https://www.healthcareitnews.com/news/mass
achusetts-general-hospital-piloting-blockchain-
What Will the Future Hold? projects-korean-startup
3 Brett, C.; “Walmart Canada and DLT
The trend of testing blockchain technology in
Labs Launch Production Blockchain,”
different industries will continue in 2020, and we will
Enterprise Times, 21 November 2019,
probably start seeing some business spin-off
https://www.enterprisetimes.co.uk/
opportunities as a result, including blockchain
2019/11/21/walmart-canada-and-dlt-labs-
system security, audit and governance roles.
launch-production-blockchain/
Although blockchain could be used to nearly
4 CoinMarketCap, Top 100 Cryptocurrencies by
eliminate the need for auditing of the data within, it
Market Capitalization, https://coinmarketcap.com/
will not eliminate the requirements to conduct
5 National Institute of Standards and Technology,
audits on the systems that run it. Governance and
Blockchain, USA, https://www.nist.gov/
regulations will still require that we conduct
topics/blockchain
attestation on these systems and verify that they
6 International Organization for Standardization
are functioning properly and securely, and we
(ISO) Technical Committees (TC), ISO/TC 307
should expect to see even more in-depth guidance
Blockchain and distributed ledger technologies,
from organizations such as the US National
https://www.iso.org/committee/6266604.html

12 ISACA JOURNAL VOL 2