Amid the rush to utilise blockchain, financial services firms have been told by the European Union Agency for Network and Information Security (Enisa), that they must address security issues associated with the technology.
Banks have been in the process of testing the distributed ledger technology with the target of improving efficiency while cutting costs on security settlements and remittances. Enisa has conducted its own report on blockchain, in which it recognises the obvious advantages in transaction privacy, and in the ability to follow an audit trail for agreements. Despite this, the potential for consensus hijacking and smart contract management pose significant challenges.
According to the Enisa report, consensus hijacking can occur when an attacker takes control of a large enough number of the participants clients, allowing them to ‘tamper with the validation process’. The same risk has been noticed with Bitcoin, and has been referred to as a “51% attack”’. It is said that this access could allow an attacker to get ahead of other participants in the process and imitate legitimacy.
The Enisa report offers a plan of action, encouraging firms to monitor internal activity, disclose information only to relevant counterparts and authorities, and to adopt industry level governance procedures.
Executive Director at Enisa Udo Helmbrecht has said that “Cyber security should be considered as a key element in the Blockchain implementation by financial institutions.”
The Enisa report comes at a time when interest in the potential of Blockchain technology is at a high, with a group of seven major European banks, including HSBC, recently announcing a plan to implement it by the end of 2017. Eagerness to bring Blockchain technology on board has escalated following estimations of success, such as that by an Accenture report, which found that Blockchain could save banks £12bn a year.