ENISA European Network and Information Security : report on blockchain technology and security

Blockchain is a distributed ledger which maintains all transactions and assets and is updated by a number of counterparties. Financial institutions are investing in the technology - in what is hoped - to automate processes and remove 'human' errors. This may help towards lowering transactional and operational costs by releasing the finance sector from its legacy systems.

A World Economic Forum[1] report reveals that over one billion euros are invested in blockchain technology startups. Despite the potential cost savings, it remains important to assess what the security implications of Blockchain implementations might be.

ENISA analysed the technology and identified security benefits, challenges and good practices. The report identifies that some principles used in the security of traditional systems and in blockchain, such as key management and encryption, are still largely the same. There are however new challenges that the technology brings, like consensus hijacking and smart contract management. Additionally, it highlights that public and private ledger implementations will face different sets of challenges.

To secure business information whilst leveraging blockchain technology, financial institutions should seek to adopt best practices which allow them to:

• monitor internal activity
• automate regulatory compliance
• disclose information only to relevant counterparts and authorities
• adopt industry level governance procedures which will facilitate the updating of ledger implementations over time

Udo Helmbrecht, Executive Director of ENISA, said: 'Cyber security should be considered as a key element in the Blockchain implementation by financial institutions.'

ENISA held a workshop in October to validate the results of its study. The agency will remain active in providing awareness on the cyber security challenges in new technologies and continue its work in the finance sector as part of its mandate in the protection of critical information infrastructures. In the context of the NIS directive[2] and the Payment Services Directive ENISA works with ECB and EBA in addressing incident reporting and minimum security measures in the finance sector.

Full reporthere
For interviews and press enquiries please contact press@enisa.europa.eu, Tel. +302814 409576

[1] World Economic Forum (WEF), 'The Future of Financial Infrastructure', Aug 2016, http://www3.weforum.org/docs/WEF_The_future_of_financial_infrastructure.pdf

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS