For regulators to understand blockchain's cybersecurity benefits and risks, they must first have a deeper understanding of the technology – and businesses hold the key to that, according to new research.
Governments around the world are beginning to increase regulatory oversight of cryptocurrencies, such as bitcoin, which are underpinned by blockchain's distributed ledger technology. In turn, businesses that use private or "permissioned" blockchain networks are likely to also see more oversight, according to experts.
With that in mind, heavily regulated industries such as FinTech, healthcare, transportation and manufacturing can help develop a government's understanding of blockchain through better dialogue and the creation of joint regulatory sandboxes.
Permissioned blockchains – which, like a relational database, are centrally managed – can combat cybersecurity risks and protect "consumers' financial information and the integrity of the global financial system," the researchers said in a white paper highlighted in a Microsoft blog.
The distributed ledger technology, the paper argues, offers significant cybersecurity capabilities, as well as some of the same cyber risks that affect other IT systems, "all of which merit further evaluation by regulators and industry.
"If properly structured, these sandboxes can align incentives between regulators and [industries] by giving regulators insights into blockchain technologies and [industries] the ability to test new technologies in a limited live environment without doing a full-scale roll-out subject to the litany of regulatory requirements," the researchers said.
The research paper, written by Erin English, Microsoft's senior security strategist; Amy Davine Kim, general counsel at Chamber of Digital Commerce; and Michael Nonaka, co-chair of the financial institutions group the law firm of Covington and Burling, noted that regulators need insight into the cybersecurity benefits of blockchain – both for businesses and federal and state agencies.
Records added to a blockchain ledger generally are immutable, meaning they leave behind a tamperproof and auditable record of transactions. At the same time, ensuring that blockchain records are immutable may require a special programming adjustment to restore a blockchain's integrity if fraudulent or malicious transactions are introduced.
"Blockchain participants' roles and responsibilities also require a thoughtful governance structure in order to achieve an effective balance of access and security," the paper said.
Currently, there are 18 proposed or live blockchain regulatory sandboxes at various stages of development around the globe, according to U.K.-based consultancy Innovate Finance.
In 2015, the U.K. was among the first nations to roll out a regulatory sandbox, the first one of which was dedicated to FinTech services. U.K. companies can now apply to the U.K. Financial Conduct Authority (FCA) to test their blockchain services in the sandbox.
Last year, Arizona's Attorney General submitted a legislative proposal to establish a FinTech regulatory sandbox for corporations to develop the technology. The legislation -- HB 2434 - passed the House and is now making its way through the state Senate.
The paper's authors recommend that organizations using blockchain apply a tailored version of the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework to develop cybersecurity programs for permissioned blockchain networks.
Vendors are also quickly ramping up blockchain SaaS offerings.
IBM, SAP, HP and Microsoft and others have begun offering blockchain business services.
This year, blockchain testing programs among enterprises are expected to evolve from pilot tests to real-world platforms; supply chain management is among the industries the distributed ledger technology is set to disrupt.
For example, Maersk and IBM have already announced a joint venture to deploy a blockchain-based electronic shipping system that will digitize supply chains and track international cargo in real time.
The new platform could save the global shipping industry billions of dollars a year by replacing the current EDI- and paper-based system, which can leave containers in receiving yards for weeks.
Other industries are also embracing the technology for its immutability and transparency.
Rolling out permissioned business blockchains in safe sandboxes would allow regulators to obtain information about them in a live environment.
"Regulators and [industries] could, for example, work together to determine the appropriate level of testing necessary to give regulators confidence in the security and resiliency of blockchain technologies," the research paper said. "Such an iterative testing process provides a roadmap through which regulators and industry could arrive at a common understanding of accepted testing standards for blockchain technologies."