Blockchain for Feds: Panacea or Pipe Dream?

A number of agencies are piloting blockchain solutions to see if it indeed can deliver on security promises through transaction validation due to its use of distributed ledger technology. For example, CDC is launching a blockchain pilot program to test health records management and Treasury’s Fiscal Service just completed a five month proof-of-concept using blockchain technology for physical asset management.  

The Congressional Blockchain Caucus plans to hold a series of meetings in 2018 to educate Congress on the technology's use in digital identity, payments and supply chain mechanisms. In January, the organization hosted a panel of technologists from academia, the private sector and the public sector who highlighted areas where federal standards could help foster blockchain’s growth. Due to the sensitive nature of federal data, privacy and security standards are needed for blockchain before agencies can capitalize on the technology.

Also in January, NIST released a draft overview of blockchain technology in part to dispel some of the myths surrounding the technology. NIST’s report explains at a high level how the technology works, and specific applications and examples for its use.  NIST describes five common misconceptions about the technology:

• No one is in control
• It’s totally secure
• No need for trust
• It’s lightweight processing
• It supports identity management

NIST stated its goal for releasing the report was to get past the hype and to put the technology in perspective so decision-makers can make educated decisions about where it might be useful and where it might not.

Due to reservations over cybersecurity, some lawmakers have expressed concerns about moving forward too rapidly with blockchain technology. At a February hearing of two subcommittees of the House Science, Space and Technology Committees, members worried if government applications using blockchain could be hacked like some cryptocurrency wallets and exchanges have been. Charles Romine, director of the IT Lab at NIST, said he believes it would be “extremely difficult” in “most cases” to alter blockchain records.

Blockchain shows promise for managing electronic health records, however there are drawbacks. Chris Jaikaran, a cybersecurity policy analyst at the Congressional Research Service, testified at the February hearing that although blockchain is being tested by industry for health records management, “at this time [it] does not appear to be a complete replacement for existing systems.” He cited pitfalls of the technology being used in this manner:

• All the providers would have to be on the same blockchain, so they all have some kind of identity, in order to gain access to a patient’s record
• Users/patients would have to take a more active role in managing their record for themselves
• The application of blockchain to EHRs would still be governed by federal and state privacy laws (e.g. HIPAA and the HITECH Act. Lack of standards, data processing and storage could inhibit its adoption
• EHRs would still be retained on provider systems which means “the record itself [would] still rely on the security measures of those healthcare organizations.” If an attacker attacks the data store of the provider instead of the blockchain, the record would be vulnerable.

Nevertheless, federal agencies are still excited about the technology’s potential and are testing its use. For example, ONC has sponsored competitions in the last couple years to seek suggestions for how the technology could be used within healthcare. Treasury’s Fiscal Service recently finished a successful proof-of-concept using blockchain technology for inventory management of cellphones. They experienced “marked improvement in transparency and efficiency,” according to program manager Craig Fischer. However, he also admitted that “utilizing a blockchain is a bit more complicated than initially expected. You really have to understand the problem you’re trying to solve.”

Expect federal agencies to continue to pilot and test blockchain technology over the next few years. Guidelines, standards and frameworks still need to be developed, potentially by NIST, in order to reap the full benefits of blockchain. Over time, opportunities will arise for contractors to assist agencies as they identify appropriate application of blockchain and as they implement blockchain solutions.