
Securing Supply Chains with Blockchain and AI

Securing Supply Chains with Blockchain and AI. Gerard Dache Government Blockchain Association (GBA) April 24, 2019. Introduction (40 years in one slide). Gerard Dache Former Infantry, Intelligence & Logistics Enlisted/Officer (1978-1991)

ledward

Presentation Transcript


  1. Securing Supply Chains with Blockchain and AI Gerard Dache Government Blockchain Association (GBA) April 24, 2019 www.GBAglobal.org

  2. Introduction (40 years in one slide) • Gerard Dache • Former Infantry, Intelligence & Logistics Enlisted/Officer (1978-1991) • Quality, Reliability and Process Improvement Consultant (1991-2005) • CMMI Lead Appraiser/High Maturity Lead Appraiser (2005-2017) • President, Common Sense Solutions (2005 – Present) • Executive Director, Government Blockchain Association (2017-Present) • Government Blockchain Association (GBA) • Local chapters in 90 cities around the globe • Over 50 working groups • Members include government and private sector organizations and professionals around the world www.GBAglobal.org

  3. Understanding the Threat www.GBAglobal.org

  4. Supply Chain Hacks By Nation States: ASUS Supply Chain Hack • Approximately 7% of the global computer market • Manufacturing plant in Taiwan (ASUS sub-contractor) • Hack believed to be perpetrated by Chinese • Compromised a trusted channel (signed with a legitimate digital signature) for software updates • Installs a backdoor to allow remote access • 600 computers targeted, 500,000 computers infected www.GBAglobal.org

  5. Supermicro Hack • Supermicro (San Jose based company) sold computers to: • Central Intelligence Agency • Department of Homeland Security • NASA • U.S. Congress • U.S. military, and • Big-name tech firms such as Apple • China-based subcontractors installed a chip on the motherboard • Creates a backdoor to allow remote changes to the computer • Steal information • Inject false information • Trip a kill switch www.GBAglobal.org

  6. Knock, Knock. Who's There? Flame Malware • Records audio, screenshots, keyboard activity, network traffic, Skype conversations. • Can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices. • This data, along with locally stored documents, is sent on to one of several command and control servers that are scattered around the world. • Initially infected governmental organizations, educational institutions and private individuals. • Was signed with a fraudulent certificate purportedly from Microsoft www.GBAglobal.org

  7. Attack Surfaces & Vulnerabilities • Supply Chain Attacks Occur at • Manufacturing • Assembly • Interdiction www.GBAglobal.org

  8. Traditional Security Paradigm • Attributes • Restrict access • Put impenetrable walls around it • But, if you get in → Jackpot • Results • 999 million records hacked in 2018 • 231 million records hacked in 2017 • 538 million records hacked in 2017 www.GBAglobal.org

  9. Organizations Hacked (2016-2018) www.GBAglobal.org

  10. Cybersecurity: Paradigm Shift • Warning: This content may make your head explode • Historically, the security of transactions was maintained by keeping information about the transaction from other people so they could not use it to steal or wrongfully use information or assets. • The new paradigm involves letting everyone see it, validate it and confirm that it is true. • For example, how do you prove that Washington is the capital of the US? You do not have to because it is general knowledge. • 180 degree paradigm shift

  11. Cybersecurity (Continued) • Most PKI implementations use centralized, trusted third-party Certificate Authorities (CA) to issue, revoke, and store key pairs for every participant • Hackers can compromise them to spoof user identities and crack encrypted communications. Examples include: • $101 million stolen from the Bangladesh Bank • Democratic National Committee email leak • Vietnam Airlines data breach • DDoS attacks on Dyn Corporation (DNS provider) resulted in major internet outages across Europe and North America • Internet company Cloudflare leaked personal information from users of thousands of websites, including Nasdaq, Bain Capital, OKCupid, ZenDesk and Cisco • Netflix was hacked, resulting in the posting of unreleased shows for failing to meet ransom demands • Digital cosmetic surgery photos and ID scans of thousands of clients from 60 countries were obtained and posted online for failure to meet ransom demands • What do they all have in common? Centralized vulnerability • A distributed blockchain makes these types of attacks virtually impossible

  12. Blockchain Systems & FISMA Requirements https://bit.ly/2UUGn1u www.GBAglobal.org

  13. Blockchain Paradigm Shifts • Distributed Ledger Technology (DLT) – nothing new – move along • Blockchain (decentralized DLT) = new paradigm • New School • Let everyone see it and know if it is real or counterfeit • But, only let those who need to know the information know what it is • From the first blockchain (bitcoin) to new protocols launched this year, let's explore. www.GBAglobal.org

  14. Blockchain Protocols www.GBAglobal.org

  15. Choices PRIVATE HYBRID PUBLIC

  16. A Tale of Two Blockchains

  17. Lots of Choices (Continued) • Basics • Private or public (seems obvious if it must receive an ATO) • Private/permissioned blockchains • Advantages • Faster and easier to scale • Easier to get through FISMA / ATO process • Disadvantages • Requires untrusted parties to trust the system admin(s) • Coindesk reported that IBM & Maersk struggle to sign up partners for its blockchain supply chain product (October 28, 2018) because competitors did not trust each other. • https://www.coindesk.com/ibm-blockchain-maersk-shipping-struggling www.GBAglobal.org

  18. Lots of Choices (Cont) • Private or public (continued) • Public/permissionless blockchain • Advantages • Trust placed in the system, not people • Immutable • Disadvantages • Speed and scaling issues (being resolved) • Immutable www.GBAglobal.org

  19. How Blockchains Work

  20. Management Vs Governance • All government legal and regulatory requirements are based on this premise • Traditional systems are managed with people, process and technology • However, each year hundreds of billions of dollars worth of bitcoin are transacted with • On a public blockchain with • No organization managing it • No individuals are paid to administer it • No written laws, regulations, procedures or SOPs • No cybersecurity audits • No data centers, no accounting, no legal representation…… And, it has never been hacked • Future (not today) systems will have governance models with • Incentives • Consensus protocols • Decentralized governance www.GBAglobal.org

  21. Using Artificial Intelligence (AI) AI being used for • Security • Streamlining • Vendor selection & monitoring • Inventory management www.GBAglobal.org

  22. What are Paradigm Shifts? • Paradigms are the lenses by which we view the data, understand the context and determine outcomes.

  23. When paradigms change there are… Winners Losers

  24. Why? Some people are like this…… Others like this…..

  25. Paradigms • “The Americans have need of the telephone, but we do not. We have plenty of messenger boys”. William Preece, British Post Office (1876) • “The horse is here to stay but the automobile is only a novelty – a fad”. Horace Rackham, Michigan Savings Bank President to Henry Ford’s Lawyer (1903) • “I think there is a world market for maybe five computers”. Thomas Watson, IBM President (1943) • “Television won’t be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night”. Daryl Zanuck, 20th Century Fox (1946) • “Cellular phones will absolutely not replace local wire systems.” Marty Cooper, Pioneer of wireless communication (1981) • “I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse”. Robert Metcalfe, 3Com Founder (1995)

  26. Paradigms (continued) • 2010 (Bitcoin price: $0.23) • “Why Bitcoin can’t be a currency” – The Underground Economist • 2011 (Bitcoin price: $15.15) • “So, That’s the End of Bitcoin Then” – Forbes • 2012 (Bitcoin price: $13.30) • “Wired, Tired, Expired for 2012: EXPIRED – Bitcoin” – Wired • 2013 (Bitcoin price: 93.57) • “The SEC Shows Why Bitcoin Is Doomed” – Bloomberg

  27. Paradigms Now (continued) • 2014 (Bitcoin price: $327.20) • “Bitcoin’s defects will hasten its demise in 2015” – Reuters • 2015 (Bitcoin price: $395.67) • “Jamie Dimon (Chairman, CEO and President, of JPMorgan Chase) Bitcoin Will Not Survive” – Fortune • 2016 (Bitcoin price: $382.00) • “R.I.P. Bitcoin. It’s time to move on.” – Washington Post • 2017 (Bitcoin price: $5,943.06) • “Prince Alwaleed says bitcoin will implode: ‘Enron in the making'” – CNBC

  28. Wrong Paradigms Have Consequences • Inadequate planning • Not enough lifeboats • Reckless navigation • Failure to accept facts • SS Californian saw the sinking ship, but did not believe the Titanic could be sinking • Many lives could have been saved • Unforeseen consequences

  29. How Can You Argue With Experts? • Let’s break Ex-Spurt down to its two component parts: • Ex, “former” or “has Been” • Spurt, “a drip under pressure” • Don’t use the same models from the past to predict the future, when underlying principles are different. • Cryptocurrencies are not: • FIAT currencies • Stocks • Traditional financial instruments • They are different. • Don’t automatically assume that traditional expertise is always relevant to new technologies.

  30. What Makes This Technology Secure? • Hash Functions • Converts variable data to consistently formatted data • Asymmetrical (one way) • Cannot be reverse engineered • Totally random • Cryptography • Distributed Systems • The larger the network, the more secure • Decentralized Systems • Uses some form of consensus algorithm www.GBAglobal.org

  31. Supply Chain Pain Points www.GBAglobal.org

  32. Supply Chain Pain Points (Cont) www.GBAglobal.org

  33. Blockchain Supply Chain Solutions • Lots to choose from • Private Permissioned • Guardtime (Estonia) • Blocnets (Used by US Military) • Public Permissionless & Hybrid • Simbachain (Build Your Own) www.GBAglobal.org

  34. For More Information Supply Chain Solution Providers https://bit.ly/2XEk652 www.GBAglobal.org

  35. For More Information – Search the GBA Database Thousands of Government Blockchain Members Free for Government Employees www.GBAglobal.org

  36. Over 50 Working Groups www.GBAglobal.org

  37. GBA Member Curated Content www.GBAglobal.org

  38. Articles, Publications, Presentations https://bit.ly/2CRsIOm www.GBAglobal.org

  39. For More Information Gerard Dache Executive Director Government Blockchain Association gerard.dache@GBAglobal.org 703-474-7939
