Concerns of Blockchain

As any other kinds of virtual currency, Bitcoin is challenging the traditional

governmental control in our economic system. It reduces the profit of banks and indirectly of government if the banks are owned by the government. It increases the hardness of local

government to trace its cash or money flows especially for the international transactions because all the blocks are encrypted and anonymous in the Blockchain in terms of owners’ identities. Hence, it may promote the illegal trades, like drug or human traffic between nations.

In addition, Bitcoin can handle only seven transactions per second under its current network bandwidth allowance (BitcoinWiki 2017). As a comparison, the VISA network can process more than 2,000 transactions per second. The slow transaction speed may become an obstacle for Bitcoin being adopted widely.

Furthermore, its supporting infrastructure, Blockchain, is not immune to the worldwide natural disasters, especially those related to electronic power. Compared with the traditional paper note or gold, Bitcoin is not valuable when there is no power or a power shortage. Similarly, Blockchain can be infected by a worldwide computer virus as well. If some super- smart hackers could write such worldwide malicious codes and inject it into the Internet, the Blockchain will be the best tools for him to spread out virus, especially when the majority of computers have been infected. To illustrate, the another successful public Blockchain application, Ethereum, was hacked in 2016 for its DAO project due to a loophole in the programming code, although this is not the flaw of Blockchain mechanism (Vigna 2016). Hence, one needs to be caution about the risks involved in experimenting with Blockchain as its applications may still need some time to improve and perfect (Iansiti and Lakhani 2017).

4.11. Conclusions

This conceptual article aims to introduce the Blockchain technology and discuss how such profound technology can help to assist and advance information security. For decades, we have studied to build defense systems to prevent external hacking and enhance managerial policies to regulate employees’ data breach. However, information security issues still remain as the top concerns in both practice and academy. The fundamental design of our old security models leaves the opportunities and incentives for hackers and insiders to breach the information assets of a company. We made lots of progress to prevent intruders from breaking into the

systems and accessing valuable information, like “Defense in Depth” and data encryptions, but it

also leaves a big blank after intruders have successfully hacked into the systems and gained a control of it. The fundamental idea behind it is based on the trusted third party (e.g.,

government, bank, corporation) to centralize control of our information assets because we believe they will have enough means to secure our data. However, with the advanced information technology, a certain intruder or a certain group of intruders sooner or later will outperform those trusted third party to seek their own self-interests and harm the rest of the public. The design of Blockchain has recognized the disadvantage of being controlled centrally (i.e., central point of failure), and hence, it creates a distributed ledger, which spreads across multiple sites, countries or institutions, and is typically public in the sense that anyone can view and audit it. Everything that we own and everything that we do is governed by those big piles of records in the Blockchain instead of a central trusted entity. Such radical design of Blockchain is controversial, disruptive, and breakthrough, but it is affecting a number of businesses to rethink their business models in the near future markets, especially the financial industry (Gupta and Knight 2017).

Furthermore, relying on the theory of bounded rationality, this paper sheds light on how the application of Blockchain can complement and improve current information security defense models. The information security research has switched from defending the products of hackers (e.g., computer virus) to hackers themselves, as destroy the leader and the gang will collapse. Such new focus leads information security companies (e.g., McAfee) to develop new defending systems to delay, trace, and identify hackers. With the help of local law enforcement,

information security has been greatly improved. However, with the rapid development of new emerging technology (e.g., the Internet of Things), more and more international hackings and insider data breaches occur in the recent years. It seems that the focus on catching intruders is no longer the most effective strategy, as they become more difficult to identify and harder to

prosecute by law. Instead, we may need to defeat a hacker’s mind as one’s intention leads to his actual behavior according to the Theory of Planned Behavior (Ajzen 1991). If a certain

mechanism can effectively undermine hackers’ motivations for attack, hackers would have no incentives to commit the malicious deeds any more. Humans are limited for the cognitive capacity of their minds and the time available for them to make the most optimal decision; thus, they often make a good enough practical decision under their bounded rational. Through our illustrations in the paper, Blockchain is very suitable to support current information security models to dramatically increase the level of complexity of compromising information assets. Therefore, due to intruders’ bounded rationality, applications of Blockchain with current countermeasures can greatly assist and advance information security.