EI-ISAC Cybersecurity Spotlight – Blockchain
What it is
Blockchains are distributed ledgers that are digitally signed and linked via cryptography. Similar to a traditional ledger, blockchain documents transactions. In a blockchain, the digital ledgers are distributed across participants in a peer-to-peer network, ensuring the availability of the information to everyone involved. Participants are referred to as nodes, which are any systems using their resources to create and review transactions within the blockchain. These nodes run complex computations to create the ledger entries, or blocks, and verify all information within the blockchain. Each block in the chain details a cluster of transactions and these blocks are linked together in the order of their creation. The transaction data within each block encrypted through a secure hashing algorithm, which means each block has its own unique identifier, known as a hash. This links each block in a cryptographic manner that ensures the integrity of the information stored within the blockchain. Any changes made to data within the block would alter the original hash. These changes will be detected by the verification process, making the blockchain highly resistant to tampering. All the blocks in the chain, except the first, reference the previous block’s hash, therefore a change to one block invalidates all blocks created after it.
There are two overarching types of blockchains. These two types are public and private. There are degrees of variation in between these two based upon the permissions assigned to the participating nodes within the peer-to-peer network. Private blockchains rely on one authority to determine who may participate in the block creation, approval process, and in what manner. Alternatively, public blockchains are public and permission-less, indicating that all participants may read, write, or validate the ledger. Due to this shared responsibility, public blockchains are considered more resistant to tampering and cyber attacks
For more detailed information, please review this blockchain overview by the National Institute of Standards and Technology.
Why does it matter
Over the past several years, blockchain has been suggested by some technology advocates as a potential solution for increasing election security and transparency, and private companies have begun to offer solutions targeting state and local elections. West Virginia partnered with Voatz to use blockchain technology to allow overseas voters to cast their ballots during the 2018 general election and additional local governments are exploring a pilot. In theory, this technology can be leveraged in other parts of the election process as well as to assist with validating votes and ballots cast. However, industry leaders have not yet agreed upon proper implementation. As more providers consider new technologies to improve election processes, state and local election officials are likely to encounter and evaluate blockchain offerings.
In addition to its application to elections, blockchain has been implemented by state and local governments in sectors commonly overseen by Secretaries of State and Clerks. Currently, several states recognize blockchain as a legal electronic record format, including Arizona, Delaware, Nevada, and Vermont. Additionally, South Burlington, Vermont, piloted utilizing blockchain as a means to record property transactions.
What you can do
The EI-ISAC recommends that election officials considering implementing blockchain solutions work with their IT staff to first evaluate it as a solution then address cybersecurity risks and logistical challenges. While blockchain is valued for its reliability, it is not necessarily the best-suited option for every endeavor as it can be resource intensive. If an election office identifies blockchain as an appropriate solution, consider the degree to which the chain should be public or private. After deciding on the type, determine an appropriate size for the peer-to-peer network as smaller networks face an increased risk of manipulation, while larger networks increase transaction validation times. Additionally, if selecting a private blockchain, consider who will have authority to approve transactions and how the nodes will be secured.
The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact firstname.lastname@example.org.