Blockchain may be a “power protector,” serving as a weapon in cyber-defense. The wanna-cry ransomware saga that played out last month was a dramatic wake-up call, and it appears to be just the beginning of major attacks that are broadening across targets—many more attacks have hit since. Identity theft is rampant, we already knew that, but the advent of ransomware as a cybercrime norm means that our data is vulnerable too. Documents, records, communications, entire systems can all be frozen by an careless click on a malicious message.
These threats extend into the physical world of things that link to the web and share data. Energy too, where the power grid is controlled by connected computer systems, is vulnerable to cybersecurity threats. Just before Christmas in 2015 a worker in a Ukrainian power station watched helplessly as the cursor in his computer was operated remotely and shut down a grid that left 230,000 people in the dark. The good news was that the relatively dated manual backup system, a system that more modern systems no longer use, could be used to operate the system. The hackers overwrote so much programming that the automatic systems were still off-line months later. There is an intrinsic level of insecurity presented by the smart meters that are used more and more all over the world. The Internet of things (IoT) will introduce billions of energy-using and Internet-connected devices over the next few years that will bring with them a several-orders-of-magnitude increase in vulnerability to cybercrime.
Blockchain technology has the potential to provide a robust barrier to cyber-threats and to increase cyber-security for energy grids.
- Tamperproofing data: Blockchain eliminates man-in-the-middle attacks—data modified en route. By hashing at the point of origin, there is no risk of attack while in transit.
- Disintermediation: With blockchains, intermediaries (e.g., escrow corporations) are oftentimes no longer necessary, significantly reducing transaction costs.
- Complete data availability: Decentralized data means that if some nodes are compromised, a complete dataset is still available.
- Redundancy: Without a central server, reliability through redundancy is built in.
- Privacy and control: Users can choose which data to make transparent and which to encrypt for specific users to access.
- Outsourcing computation: Even when processing by a third party the contents remain secure.
Mitigating “Internet of Things” vulnerabilities is becoming critical. An April report suggested that millions of (IoT) devices in homes had been hacked and bricked as a protest against poor cybersecurity for thousands of devices set to basic authentication. The hackers could have done much more damage, but they were making a point. Unsecured IoT devices are unsafe and need to respond to the real-world environment where people’s security and property are at risk. The default blockchain authentication used in cybercurrency systems is a far more secure method and has the potential to significantly reduce threats to security and privacy. Incorporating pricing and settlement on wholesale electricity markets into a secure blockchain can also prevent pricing manipulation.