Amid the rush to utilise blockchain, financial services firms have been told by the European Union Agency for Network and Information Security (Enisa), that they must address security issues associated with the technology.
Banks have been in the process of testing the distributed ledger technology with the target of improving efficiency while cutting costs on security settlements and remittances. Enisa has conducted its own report on blockchain, in which it recognises the obvious advantages in transaction privacy, and in the ability to follow an audit trail for agreements. Despite this, the potential for consensus hijacking and smart contract management pose significant challenges.
According to the Enisa report, consensus hijacking can occur when an attacker takes control of a large enough number of the participants clients, allowing them to ‘tamper with the validation process’. The same risk has been noticed with Bitcoin, and has been referred to as a “51% attack”’. It is said that this access could allow an attacker to get ahead of other participants in the process and imitate legitimacy.
The Enisa report offers a plan of action, encouraging firms to monitor internal activity, disclose information only to relevant counterparts and authorities, and to adopt industry level governance procedures.