- Named the Enterprise Blockchain Security Specification (EBSS), it aims to establish a guide of good practices to improve the security of this type of technology in the companies that use it.
- Experts from both companies have highlighted that EBSS will be of great use to companies as it will allow their IT experts to use parameters to adequately protect the processes in which blockchain is applied.
- The main security problems of this technology are due to the emergence of new cybersecurity paradigms, bad practices in information security and the lack of security of conventional information systems.
Valencia, September 10, 2020.- The Valencian company S2 Grupo (specialized in cybersecurity and management of critical systems), together with Cryptonics (a spin-off of S2 Grupo specialized in blockchain cybersecurity), has launched a pioneering cybersecurity quality seal for the blockchain technology used by companies.
Named the Enterprise Blockchain Security Specification (EBSS), it aims to establish a guide of good practices in this field to improve the security of this type of technology. This will be very useful for the IT experts of companies that use blockchain because it will allow them to follow essential parameters to adequately protect their businesses and organizations.
To this end, both companies have announced the creation of the Enterprise Blockchain Security Council (EBSec), an open alliance of companies with a shared interest in the secure adoption of blockchain and DLT (Distributed Ledger Technology) systems. For the moment, this alliance includes internationally recognized companies in the sector such as Solidified, a company that audits smart contracts and has a bug bounty platform (reward program) that specializes in audits of smart contracts, and PARSIQ, a leader in blockchain analysis and specialized in real-time monitoring of digital assets implemented in this technology.
“Until now, there were no standards or quality certifications in blockchain and more and more companies are using it. This left a void in the cyber protection of the companies that we have decided to cover with the creation of this pioneering quality seal, which will allow us to follow a guide of good practices for the cyber protection of blockchain”, explained José Rosell, partner-director of S2 Grupo.
“Blockchains are protected by advanced cryptography that is often mistakenly believed to be unbreakable with today’s technology. This means that, in theory, digital assets stored on distributed ledgers should be extremely secure. However, we have seen how cybersecurity incidents constantly lead to the theft of assets”, declared Miguel A. Juan, managing partner of S2 Grupo.
“Virtually every week we encounter major incidents or new vulnerabilities are revealed. The apparent insecurity of the public space of blockchains has started to affect the reputation of distributed ledger technology and thus seriously hinders business adoption. This means that companies and entire industries do not see clearly how to use it and, therefore, it is essential to have standards that allow them to do so in a cyber-secure way,” said Stefan Beyer, CEO of Cryptonics.
Three cybersecurity problems in DLT (Distributed Ledger Technology, distributed transaction logs)
According to cybersecurity experts from S2 Grupo and Cryptonics, the main cybersecurity problems of ledger technology are:
1.- Paradigm shift: companies have to deal with new security paradigms that they are not used to and lack good practice guidelines. Decentralized blockchain systems differ from traditional IT systems in that asset security is no longer a centralized concept, in which data and other resources are locked in a black box server in a vault-type scenario. Assets are now transparently protected by cryptographic protocols, user-managed cryptographic keys, and even complex rules in smart contracts. This means that
2.- Bad practices: bad practices in information security are very frequent in all systems, but the impact is worse in transparent and decentralized systems that depend on the security of private keys.
3.- Lack of security of conventional information systems: distributed ledgers and smart contracts are only a small part of typical blockchain applications. Usually there are several layers of conventional software, including web interfaces, APIs, node software, and databases. In many incidents, the system is attacked through traditional software vulnerabilities, not through blockchain technology.
“EBSS was born out of the need for general security guidelines that companies can use to apply a minimum security standard in their operations. The specification is not intended to replace existing security standards, such as ISO/IEC 27001:2013. Nor does it offer low-level security measures to provide secure code; other recommendations already exist that cover specific technologies. However, the EBSS focuses on the general guidelines and operational policies that should be in place in a company that wishes to adopt distributed ledger technology in a cyber-secure manner”, said Stefan Beyer.