Blockchain is (still!) all the rage at identity and cybersecurity conferences. Blockchain sounds new and exciting, looks slick on marketing materials, screams “innovation!,” powers cryptocurrencies like Bitcoin, and has been billed as a cure-all for a variety of use cases. The US Federal Government faces so many technical challenges that it’s no wonder there’s interest in a magical cure! I must admit that I shared some of that hope when I began my research into the emerging market of blockchain technologies in 2015 for the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate.
My colleague, Dr. James Howard, and I recently published an article in IEEE Security and Privacy, “Blockchain Compliance with Federal Cryptographic Information Processing Standards.”
Forbes concluded their review of our article with: “The federal government, at least seems, is serious about blockchain.” That may be so, but before skipping to the selection of a FIPS-compliant blockchain for a proof of concept, it’s essential to take a step back and consider whether blockchain is the best technology to solve a particular problem.
That is a step that unfortunately can get skipped in a rush to design a solution. When I met with government program managers curious about blockchain, I found that the question “how can I use blockchain to solve my problem?” was being asked far more than “what is the best solution to my problem and could it be blockchain?”
No matter how exciting a new technology may seem, it’s important to think critically and analytically about whether that technology, blockchain or otherwise, is suitable to address the problem. In fact, many of the blockchain “success stories” I’ve heard are actually promoting the non-blockchain capabilities of a system, and the system would likely have been even more successful had the blockchain component been replaced by a secure cloud database.
Far from being a “cure-all” for challenging technical problems, blockchain is in reality a highly specialized technology that is not appropriate for most use cases. In fact, after three years of research and analysis looking at potential federal government use cases for blockchain, I reached essentially the same conclusion that Bruce Schneier so aptly depicted in his February 2019 Wired article “There’s No Good Reason to Trust Blockchain Technology”:
The graphic above is a slight oversimplification of my conclusion; my team and I actually developed a detailed decision tree and primer for use by government program managers to evaluate whether they have a use case where blockchain may be worth consideration:
So, what happens if you made it all the way through the decision tree and have concluded that you may have a viable blockchain use case? Is it time to identify a FIPS-compliant blockchain and start a proof of concept? Not quite! Remember that finding the best solution requires carefully considering all your options, including older or less-glamorous technologies. Consider that not blindly falling for the allure of a new, innovative technology is innovative enough!