The Need for Cyber Resilient Enterprise Distributed Ledger Risk Management Framework

IF 1.4 Q3 ECONOMICS
Robert Campbell
Journal: The Journal of The British Blockchain Association
Publication date: 2020-03-16
DOI: https://doi.org/10.31585/jbba-3-1-(5)2020
Citations: 2

Abstract

Critical infrastructure sectors are increasingly adopting enterprise Distributed Ledgers (DL) to host long-term assets, systems, and information that are considered vital to an organization’s ability to operate, yet they are doing so without clear or public plans and strategies to migrate to Post Quantum Cryptography (PQC) in a safe and timely manner. A DL compromised by a quantum computer (QC) would allow eavesdropping, unauthorized client authentication, signed malware, cloak-in encrypted session, man-in-the-middle (MITM) attacks, and forged documents and emails. These attacks can lead to disruption of service, damage to reputation and trust, injury to human life, and the loss of intellectual property, assets, regulated data, and global economic security. In 2018, Gartner revealed that a QC is a digital disruption that organizations may not be ready and prepared for, and that CIOs may not see coming. On September 18, 2019, IBM announced that the largest universal QC available for commercial use would be available in October 2019. On October 23, 2019, Google officially announced “Quantum Supremacy,” “by performing a calculation in 200 seconds that would take a classical supercomputer approximately 10,000 years.” DL Cyber Resilience requires “reasonable” measures, policies, procedures, strategies, and risk management before large-scale deployment. Cyber Resilience implementations must be a critical component during the design and building phase, or during the initialization phase. The most significant existing attack vector for enterprise DLs is the Public Key Infrastructure (PKI), which is fundamental in securing the Internet and enterprise DLs and is a core component of authentication, data confidentiality, and data and system integrity [1] [2]. Effectively implementing and managing a quantum-resistant PKI solution requires adherence to PKI standards, industry requirements, potential government mandates, certificate management policies, personnel training, and data recovery policies that currently do not exist. This research discusses security risks in enterprise DL PKI and the areas that can be compromised, and gives an idea of what should be included in a PKI DL Risk Management Framework plan.