Blockchain is a technology which allows a decentralised and distributed ledger of information (split into blocks, and encrypted using cryptography) to be shared and maintained between multiple users. In the case of a public blockchain, and in order to link a new block, the other users in the network validate the entry by solving complex computational problems.
This process uses significant amounts of computer processing power and, by extension, electricity. The users that validate each transaction are incentivised and rewarded (in the case of a cryptocurrency ledger, with units of cryptocurrency which they then own; this is referred to as 'mining'). If an entry to the ledger is not verified or validated by the other users in the network (for example, because someone has tried to amend a historical transaction) that block is not added to the ledger.
Blockchain technology has the potential to strengthen governance and transparency standards within particular sectors by ensuring that the information which is captured, and recorded, is then not altered or tampered with. Those in the supply chain will reap the benefits of this technology (in the horsemeat scandal, it would have greatly assisted the tracing of tainted products and organising of recalls). The other major benefit is the introduction of smart contracts which allow routine contractual obligations to be coded and programmed within software. The upshot is that actions (perhaps payment of an obligation, or transfer of an asset) are made automatically (for example, when a certain stage of a building contract is achieved).
On first glance, the benefits of blockchain are extensive; information added to the blockchain is difficult to tamper with (unless you could simultaneously control the majority of computers, or nodes, within the network - on a public blockchain this could be thousands), at least until quantum computers become commercially available. As a result, the number of potential 'entry points' (from a hacker's perspective) increases from the usual single computer. The implications of smart contracts could potentially mean that, so long as the obligations are achieved, the risk of a party not receiving payment could be greatly reduced.
From a practical perspective, in the supply chain, organisations will be able to audit the products that they have received which will make recalls and investigatory work quicker and easier. Wider implications are also being considered, for example blockchain is being touted as a potential solution to voter fraud.
The value in what blockchain brings to the party is neatly summarised by Steve Webb of PWC:
"How Blockchain technology works isn't actually that important. What matters is that it brings the ability to establish trust between two machines, people or entities, and then transfers value securely and transparently between them"
However, blockchain is not a complete answer to all problems (and is absolutely not a way of eradicating the importance of maintaining the three pillars of cyber security - people, processes and technology). Until technology has developed to a point at which artificial intelligence can verify and record information on a blockchain ledger, there is an inherent need for human interaction. This means that the person inputting the information must be honest in doing so (and perhaps in a small private network one could see how a blockchain solution would not eradicate collusion or corruption). Returning to the supply chain analogy, what the blockchain does not do is stop a farmer from marking a container full of horse meat as beef. In addition, whilst smart contracts are seen by some as the future, they are only as strong as the software which has been programmed to operate the contract. If a payment is made prematurely, protracted legal proceedings may be needed to recover payments or assets which have inadvertently been transferred.
It is, therefore, essential that businesses are proactive and ensure that they keep their perimeters guarded. Cyber security issues cannot be dealt with in isolation; it is just as important to train staff as it is to ensure you have software in place to protect your IT systems.
Mark Kenkre and Chris Recker of Trowers & Hamlins spoke on this issue at the West Midlands Cyber Security Expo in 2018 and are contributing authors in a recent whitepaper on cyber security issues in the supply chain.