Blockchain/ Distributed Ledger

Meeting Recording and Notes - June 28

    Posted Jun 28, 2023 11:50:00 AM
    Recording:
    Notes:  Proposing new initiative - Top 5 security controls that might keep your CISO out of jail

    The meeting covered various topics related to blockchain technology and cybersecurity. The impact of quantum computing on cybersecurity was discussed, highlighting the need for a transition to quantum-safe algorithms and PKI technology. The importance of cryptoagility in building systems that can use multiple cryptographic algorithms to ensure future-proofing was also emphasized. The need to sell the value of governance and security to companies to make blockchain technology more palatable to them was discussed, and a problem statement email will be drafted to clarify the issue. CISOs are facing challenges due to budget cuts and legal issues, which are affecting their ability to protect against security threats. The importance of prioritizing governance issues in blockchain projects based on the specific needs of each organization was also discussed. Finally, the importance of security and how regulation and automation can help companies prioritize it was highlighted.

    Highlights
     

    1. Quantum Computing and Cybersecurity (10:52)
      Discussion on the impact of quantum computing on cybersecurity and the need for a transition to quantum-safe algorithms and PKI technology.

      • Important | Cryptoagility is the term used to describe building a system that can use more than one crypto algorithm, because while you don't need to use more than one crypto algorithm today, at some point, you do have to upgrade. This is similar to how web browsers have transitioned from TLS 1.0 to 1.1 to 1.2 to 1.3, dropping older, weaker encryption algorithms for this exact reason.
         
      • Important | While encrypted information on a blockchain may seem secure, it may not be secure against quantum computing, which can crack PKI addresses and reveal the identity of the user. Healthcare data and other important data may still be valid in 10 years or more, but if the threat model is a state-level actor, then encryption may not matter, as governments can legally obtain all IP wallet traffic from every exchange on the planet.
         
    2. Cryptoagility (2:8)
      Discussion on the need for cryptoagility in building systems that can use multiple cryptographic algorithms to ensure future-proofing.

      • Important | Cryptoagility is the term used to describe building a system that can use more than one crypto algorithm, because while you don't need to use more than one crypto algorithm today, at some point, you do have to upgrade. This is similar to how web browsers have transitioned from TLS 1.0 to 1.1 to 1.2 to 1.3, dropping older, weaker encryption algorithms for this exact reason.
         
    3. Selling the Value of Governance (7:54)
      Discussion on the need to sell the value of governance and security to companies to make blockchain technology more palatable to them.

      • Fact | The team is almost finished with their existing research and will have publications in about two weeks.
         
      • Action | One of the participants will draft an email with a problem statement to clarify the issue they are trying to address and send it to the mailing list. They will then discuss it in their subgroup and potentially spin up a separate subgroup for governance. 
         
      • Important | In the chaotic blockchain world, the challenge is to convince people, especially in the enterprise world, of the importance of governance, which is essential for a successful blockchain implementation. This is similar to the case of Linux, which businesses were hesitant to use due to lack of support.
         
    4. Budget cuts and legal issues affecting CISOs (5:20)
      CISOs are facing challenges due to budget cuts and legal issues, which are affecting their ability to protect against security threats.

      • Concern | The team acknowledges that their current approach is not effective and nobody is willing to follow it, so they suggest putting aside old methods and doing a risk analysis to focus on defending against specific concerns.
         
      • Important | In the industry, projects are becoming very tight and old stuff is considered disposable, but everyone knows it is essential and there is no solution inside. Nobody is ready to emulate the old stuff.
         
    5. Prioritizing governance issues in blockchain projects (7:4)
      The group discusses the importance of governance in blockchain projects and the need to prioritize governance issues based on the specific needs of each organization.

      • Important | The speaker suggests focusing on finding ways to convince people about the importance of governance in blockchain projects, as it is a crucial aspect that needs to be considered. This applies especially in cases where the CSA is involved in a blockchain project: the first questions should be about governance, such as how to fix issues, deal with them, and make changes to the blockchain.
         
      • Important | During the meeting, there was a question raised on whether to emphasize the priority of the traits or leave it to the individual to decide based on their limited budget.
         
    6. Importance of Security (8:25)
      Discussion on the importance of security and how regulation and automation can help companies prioritize it.

      • Action | The speaker will post the recording and an outline of notes on Circle for everyone to access, thanking Larry for his contribution.


    ------------------------------
    Hillary Baron
    Sr Technical Director
    CSA
    ------------------------------
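
Cryptoagility as described in highlights 1 and 2, shown as an added example that is not part of the original notes: each record carries an algorithm label, and the verifier's own policy decides which labels are still accepted, the way browsers dropped older TLS versions. HMAC variants stand in for the algorithms being rotated; the identifiers, the `Policy` class and the single shared key are assumptions made for this sketch.

```python
import hashlib
import hmac

# Algorithm registry. The identifiers are assumptions made for this example.
REGISTRY = {
    "hmac-sha1": hashlib.sha1,      # legacy, kept only so old records verify
    "hmac-sha256": hashlib.sha256,
    "hmac-sha512": hashlib.sha512,
}

class Policy:
    """Which algorithm new records use, and which ones are still accepted."""
    def __init__(self, preferred, accepted):
        if preferred not in accepted or not set(accepted) <= set(REGISTRY):
            raise ValueError("policy names an unknown or unaccepted algorithm")
        self.preferred, self.accepted = preferred, frozenset(accepted)

def _mac(alg, key, message):
    # The algorithm id is part of the authenticated data, so a tag cannot be
    # relabelled as belonging to a different algorithm.
    return hmac.new(key, alg.encode() + b"\x00" + message, REGISTRY[alg]).hexdigest()

def seal(policy, key, message):
    """Tag a record with the currently preferred algorithm: '<alg>:<hex mac>'."""
    return f"{policy.preferred}:{_mac(policy.preferred, key, message)}"

def verify(policy, key, message, tag):
    """Return 'ok', 'upgrade' (valid but on a legacy algorithm) or 'rejected'."""
    alg, _, mac_hex = tag.partition(":")
    # The verifier's policy decides, not the label the record carries.
    if alg not in policy.accepted:
        return "rejected"
    expected = _mac(alg, key, message).encode()
    if not hmac.compare_digest(expected, mac_hex.encode()):
        return "rejected"
    return "ok" if alg == policy.preferred else "upgrade"

def migrate(policy, key, message, tag):
    """Re-seal a valid legacy record under the preferred algorithm."""
    status = verify(policy, key, message, tag)
    if status == "rejected":
        raise ValueError("refusing to re-seal a record that does not verify")
    return tag if status == "ok" else seal(policy, key, message)

# Constructed sample data: three phases of a rollout.
KEY, RECORD = b"constructed-demo-key", b"ledger entry 42"
LEGACY = Policy("hmac-sha1", {"hmac-sha1"})
TRANSITION = Policy("hmac-sha256", {"hmac-sha1", "hmac-sha256"})
STRICT = Policy("hmac-sha256", {"hmac-sha256", "hmac-sha512"})
```

Records sealed under `LEGACY` verify as `upgrade` under `TRANSITION` and can be passed through `migrate`; once `STRICT` is in force, anything still labelled `hmac-sha1` is rejected.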