By design, a blockchain business network securely shares information between different organizations by distributing ledger transactions to peer nodes located throughout the business network, including nodes physically located within a competing organization’s security environment and domain. The same blockchain security design features that enable these secure cross-organizational information transfers are also ideally suited to ensure the safe, efficient and cost-effective transfer of information across different government and military network security domains — for example between classified and unclassified military networks.
The big idea
The security controls and assured sharing inherent to The Linux Foundation’s Hyperledger Fabric, hosted on high assurance off-the-shelf hardware infrastructures, can provide secure, timely and consistent end-to-end sharing of information within and across disparate security domains. A blockchain-based cross-domain solution is likely to be less complex, more effective and less expensive than traditional, special-purpose cross-domain guards when mitigating the high stakes security risks of cross-domain information transfer.
Public, private, government and military organizations classify, label and protect information commensurate with the security risk it poses if disclosed without authorization. For example, unclassified information poses no risk if disclosed while inadvertent disclosure of top secret information could be expected to cause exceptionally grave damage. The most rudimentary form of protection is segregating information of different security levels on completely separate IT infrastructures and communication networks. These separate networks, however, hinder day-to-day work because typically real-world work and business processes require accessing and exchanging information at varying classifications.
Traditionally, highly specialized IT systems known as cross-domain guards sit at the boundary of each security domain, reading files from a designated source location in one security domain and applying a pre-approved filter for that specific source to each file. These filters and controls verify the integrity and contents of the file to satisfy security policies, then write the file to a designated target location in the other security network. These cross-domain data flows are either low-to-high — lower security classifications to higher ones — or high-to-low.
The concern for low-to-high guards is preventing the introduction of dangerous computer files like viruses or malware, and preventing a reverse flow of data. The chief concern for high-to-low guards is preventing unauthorized leakage of higher classification data to the lower classification network. High-to-low data transfer rates and volume are typically much slower and smaller than low-to-high because the data must be manually verified as appropriately classified prior to sending to the lower classification network.
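The guard checks described above can be sketched as a single decision function. This is an added example, not code from the original post or from any guard product; the level names and their ordering, the paths, the field names and the use of a file-suffix allow-list as a stand-in for the pre-approved content filter are all assumptions made for illustration.

```python
import hashlib
import posixpath
from dataclasses import dataclass

# Assumed ordering of classification levels, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}

@dataclass(frozen=True)
class Flow:
    """One pre-approved data flow with its designated source and filter."""
    source_dir: str
    source_level: str
    target_level: str
    allowed_suffixes: tuple  # pre-approved content filter for this source

@dataclass(frozen=True)
class Transfer:
    path: str
    data: bytes
    sha256: str            # digest declared by the sender
    label: str             # classification marking carried by the file
    reviewed_by: str = ""  # person who manually verified the label

def sample(path, data, label, reviewed_by=""):
    """Build a constructed sample transfer with a correct digest."""
    return Transfer(path, data, hashlib.sha256(data).hexdigest(), label, reviewed_by)

def guard_decision(flow, t):
    """Return (allowed, reason) for one file crossing the boundary."""
    path = posixpath.normpath(t.path)  # collapse ../ before checking location
    if not path.startswith(flow.source_dir.rstrip("/") + "/"):
        return False, "not in the designated source location"
    if hashlib.sha256(t.data).hexdigest() != t.sha256:
        return False, "integrity check failed"
    if not path.endswith(flow.allowed_suffixes):
        return False, "file type outside this source's approved filter"
    if t.label not in LEVELS:
        return False, "missing or unknown classification label"
    if LEVELS[t.label] > LEVELS[flow.target_level]:
        return False, "label exceeds the target domain's level"
    high_to_low = LEVELS[flow.source_level] > LEVELS[flow.target_level]
    if high_to_low and not t.reviewed_by:
        return False, "high-to-low transfer lacks manual classification review"
    return True, "written to the designated target location"

# Constructed sample flows, one in each direction.
LOW_TO_HIGH = Flow("/low/outbox", "UNCLASSIFIED", "SECRET", (".xml", ".txt"))
HIGH_TO_LOW = Flow("/high/outbox", "SECRET", "UNCLASSIFIED", (".txt",))
```

Every rejection path returns a reason, so each denied transfer can be logged and audited alongside the releases.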
Traditional cross-domain solutions (CDS) are expensive due to lengthy and complex approval and implementation processes, and specialized equipment and skill sets. Any changes to a data flow also require extensive, expensive, and lengthy approval and implementation processes. These frictions inherent to traditional CDSs hinder effective and timely information sharing.
The blockchain solution
In a blockchain network, the role of cross-domain guard would be performed by a blockchain network peer installed on a high assurance platform, referred to as a High Security Business Node (HSBN). Data movement within the distributed cross-domain blockchain business network takes the form of cryptographically secured transactional updates to a shared ledger held by each node in a specific members-only channel of the business network.
The other peer nodes of the blockchain business network reside in one or the other security domain, either high or low, receiving the protected blocks of endorsed ledger transactions. Endorsed ledger updates to peers located on the opposite security domain occur via the border HSBN to provide assurance that the blockchain-provided security controls cannot be bypassed or overridden.
The value to you
A blockchain cross-domain solution reduces frictions to your information exchange process and improves accessibility, accountability and traceability of information exchange. Specifically, it provides:
A single shared view of each asset throughout its life cycle regardless of the network domain.
In a standard cross-domain guard, there is no way to ensure the information residing on each side of the guard remains in sync over its life cycle. The scope of the guard’s visibility and control is limited.
Auditable control and oversight of asset information throughout the life cycle.
The shared ledger provides a definitive, unalterable record of what was shared and by whom, even across network security domains. This eliminates trying to track and tie together the separate guard-only data flows.
Information sharing rather than merely moving data.
Data controls and sharing occur naturally and directly via the shared ledger as part of the normal blockchain business network. A traditional guard merely moves data. Extending information sharing to other security domains is easily done by deploying additional HSBN-hosted nodes and channels.
Reduced cost with higher security.
The technology leverages commercially maintained open source blockchain rather than proprietary, one-off, special-purpose, limited-market guard technologies. A larger user base translates to more demand, faster detection of shortcomings, and shorter innovation and repair cycles.
Explore more about how blockchain can be deployed as your cross-domain solution through IBM Developer.
I look forward to more great conversations on the advantages of blockchain as a cross-domain solution.