SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
How government can safeguard identity on the blockchain
Mon, 30th Oct 2017

Australian governments are undergoing an inevitable evolution into complex information brokers and, with it, are becoming more attractive targets for cyber criminals.

The implications of such enormous data holdings were felt by the public when Medicare recently suffered an infringement on its data. Hundreds of Australian citizens' card numbers were found listed (with intent to sell) on the darknet. While the leaked data was insufficient on its own to access health records, illegal possession of the numbers could have been highly dangerous had the perpetrators gained access to the victims' other personal details.

The breach was addressed in the Australian Government's Independent Review of Health Providers' Access to Medicare Card Numbers released earlier this month, which requested the government migrate to a more secure platform, in order to tighten the security controls around card information and other personally identifiable elements.

With health, welfare, education and the pension services requiring reams of information on identity, social needs, eligibility, and entitlement, how can we trust that sensitive citizen data is in safe hands? Those within government concerned with data security (and rightly so) are turning to blockchain as a potential saviour.

How can blockchain protect our data?

In the real world, we are defined by tangible elements – belongings, relationships and surrounding environments. But out in the cyber universe, we exist simply as data. Our identities, assets and intellectual property are intangible, but for the code that lies beneath. Storing, tracing and protecting our place in the digital universe has proven more complex than security protocols and software can keep up with – until now.

Blockchain, a technology instigated by cryptocurrencies, is a publicly available, decentralised ledger of validated and irreversible transactions boasting full transparency and ultimate permanency. Unimaginable computational processing power is needed to override the network. There are no singular points of vulnerability and the corruption of any one bit of data results in its network-wide corruption, making unauthorised actions impossible. Consequently, blockchain is almost entirely secure in the face of human-led threats.

The innovation is helping to digitise, validate and automate entire processes and interactions, making paper trails redundant and exponentially decreasing human error. And it's revolutionising the concept of data protection. Blockchain's application in the public sector is multifaceted – encompassing everything from claims assessment to certificates of qualification.

One area that particularly excites us is identity management. Here are three significant ways we see blockchain playing a role in our citizens' data protection:

1. Hello digitisation, goodbye human error

Humans inherently make mistakes. Employees will give out confidential details (whether because of ignorance or for financial gain). Documents will get lost. And it's important to remember that cybercriminals are humans too. Perhaps taking an element of human involvement out of the transaction equation is an evolutionary step forward in securing our data. One way to do this is to digitise all documents and data in the blockchain ledger, where they are held securely and irreversibly and won't be compromised as they were in the Medicare breach.

Here's a real-world example: a patient's medical history is crucial when recommending treatments in emergencies. But the process of obtaining this medical history at a new hospital or clinic is time-consuming, and paper-based documents can be lost. Blockchain enables patients to control access and securely share the data with other doctors, welfare services, insurers or other services. Medical practitioners can then easily access data and recommend treatments based on the history of the patient, providing effective services and saving lives. And none of it lands on the wrong desk or in the wrong hands.

2. Safety with Secure Hash Algorithm (SHA)

Enterprises need to control access to data to prevent IP theft and leakage of corporate data. On the blockchain, identity and other personal information is stored in a 256-key encrypted Secure Hash Algorithm (SHA) format, which is almost immune from infringement. To further prevent data tampering, employees must go through stringent authentication to get access to facilities, resources and internal networks, using blockchain to verify their credentials with biometrics, passwords and system configurations. This encrypted data would only be available to accredited organisations and to those to whom access has been granted.
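As an added illustration (not code from the original article or from any government system), the Python sketch below shows the two mechanisms described above: identity records are represented on the ledger only by a SHA-256 digest, and each block's hash covers the previous block's hash, so changing any stored value is detectable. The function names, record fields, per-record random salt and single in-memory ledger are assumptions made for the example; network consensus between nodes is not modelled.

```python
import hashlib
import hmac
import json
import os

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block

def commit(record: dict, salt: bytes) -> str:
    """Salted SHA-256 digest of a record; only this digest goes on the ledger."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(salt + canonical).hexdigest()

def block_hash(index: int, prev_hash: str, commitment: str) -> str:
    """Hash over the block's position, its predecessor's hash and its payload."""
    header = f"{index}|{prev_hash}|{commitment}".encode()
    return hashlib.sha256(header).hexdigest()

def append(ledger: list, commitment: str) -> None:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    index = len(ledger)
    ledger.append({"index": index, "prev_hash": prev, "commitment": commitment,
                   "hash": block_hash(index, prev, commitment)})

def first_invalid_block(ledger: list):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(ledger):
        expected = block_hash(i, prev, block["commitment"])
        if block["index"] != i or block["prev_hash"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None

def proves(ledger: list, index: int, record: dict, salt: bytes) -> bool:
    """Holder discloses record and salt; verifier checks them against the ledger."""
    return hmac.compare_digest(ledger[index]["commitment"], commit(record, salt))

def build_demo():
    # Constructed sample records; the names and card numbers are made up.
    records = [{"name": "Alex Example", "card": "0000 00000 0"},
               {"name": "Sam Sample", "card": "1111 11111 1"}]
    salts = [os.urandom(16) for _ in records]
    ledger = []
    for rec, salt in zip(records, salts):
        append(ledger, commit(rec, salt))
    return ledger, records, salts
```

The random salt is there because identifiers such as card numbers have few possible values, so an unsalted digest could be matched by hashing every candidate.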

3. The proof in the permanency

Identity data on the network cannot be lost and is available to be accessed and updated at any time. Verified transactions are permanently recorded, traceable and updated across the entire network every 10 minutes. And thanks to the stringent authentication and consensus protocol, unverified transactions are impossible.

Essentially, nothing can be faked, everything can be traced and all transactions and data can be used as legal proof in the aftermath of a breach, should it occur.

Fighting cybercrime is tricky business for public sector organisations. We cannot rally the troops or send officers in to mediate crime scenes like the Medicare breach. We must rely on technology and innovation to prevent attacks and mistakes from occurring in the future – a level of trust no software or protocol has yet truly provided. But thanks to its ultimate permanency, verification and digitisation, we can be certain of the influence blockchain will have over our government's data security.