Blockchain for Government

Blockchain for multinational information sharing


As discussed in previous articles, a blockchain network built on The Linux Foundation’s Hyperledger Fabric, hosted on a high assurance platform, is well suited for secure information exchanges across network security domains — for example, exchanging unclassified information between an unclassified network and a classified network. One form of the cross-domain use case is multinational information sharing (MNIS): sharing information with one or more foreign nations.

Typically, a shared transport, computing and application services infrastructure environment — sometimes called a mission partner environment (MPE) — is established to host each specific set of national participants and facilitate their collaboration for a given purpose, either for long-standing strategic information sharing or for conducting short-term, joint tactical operations. Hyperledger Fabric (HLF) blockchain private channels offer an exciting opportunity to shrink the number and size of each shared mission partner environment to essentially the ledger itself.

The problem with traditional multinational sharing architectures

Typically, MNIS is accomplished by building out new instances of MPEs to host the member-nations participating in bilateral or multilateral communities of interest (COI). Each instance of an MPE may be deployed with a range of supporting application services — for example, organizational messaging, e-mail with attachments, chat, file shares, web/portal, or others — intended to facilitate information exchange within the boundaries of the virtually or physically isolated shared network via shared applications.


But standing up and maintaining each new MPE requires considerable time and money. Additionally, the hosting technology, location and application services used in each shared environment must be acceptable to, and releasable to, all participating parties. As U.S. Department of Defense Chief Information Officer Terry Halvorsen stated in a keynote speech at a FedScoop event in Washington, “It does me no good to have — at DoD — the best DoD information sharing system if I cannot share that better with allies. That’s more cultural than it is technology.”

Nor does an MPE stand on its own: it needs to exchange releasable information with each participating coalition member’s backend national network resources via a gateway. Each gateway between an MPE and a national network is implemented using traditional cross-domain gateways or guards. Deploying, configuring, accrediting, and operating each cross-domain guard adds complexity, cost, and time to implementing and operating each MPE.

The blockchain MNIS solution: Shared ledgers as cross-domain capable MPEs

Blockchain private channels built on HLF offer the potential to shrink the number and size of shared mission partner environments. For each new MNIS requirement, simply define and deploy one or more private blockchain channels on new or existing MPE-hosted and indigenous-hosted peer and orderer nodes. Each digitally signed and immutably deployed channel configuration defines and enforces that coalition’s use-case specific sharing policies: the participating coalition members, shared ledger data fields, ledger-specific business logic, endorsement policies, element-level configuration change controls and fine-grained access controls. Channel communication between blockchain nodes occurs via channel-specific, encrypted, mutually authenticated TLS network connections. Additionally, the payload of each channel message is digitally signed and authenticated using a separate (non-TLS) X.509 public key infrastructure. The message payload itself may optionally be encrypted with HLF-accessible crypto keys.

Each HLF blockchain channel can seamlessly extend beyond the MPE to each coalition member’s supporting national network via channel peer nodes hosted on a high assurance platform at each national cross-domain gateway as shown below.

This illustrates how two different coalitions can leverage the same MPE network by using separate HLF channels, one for each different coalition. A multilateral nation channel shares a ledger between all three nations (A, B and C). A bilateral nation channel distributes its ledger to only two nations (A and B). In addition, an MPE-hosted bilateral-only application is used by a joint coalition team of co-located end-users from countries A and B. The digitally signed and immutable channel configuration specifies that the bilateral application and country A and B users are authorized to read/write to the bilateral channel ledger.
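The two channels described above could be expressed as Fabric channel profiles along these lines. This is an added example, not configuration from the original article or from IBM; the MSP IDs, MSPDir paths and profile names are hypothetical, and it assumes NodeOUs are enabled and that the Orderer and Capabilities sections are defined elsewhere in the same file.

```yaml
# Constructed configtx.yaml fragment; MSP IDs, paths and profile names are hypothetical.
Organizations:
  - &CountryA
    Name: CountryAMSP
    ID: CountryAMSP
    MSPDir: msp/countryA
    Policies:
      Readers:     {Type: Signature, Rule: "OR('CountryAMSP.member')"}
      Writers:     {Type: Signature, Rule: "OR('CountryAMSP.member')"}
      Admins:      {Type: Signature, Rule: "OR('CountryAMSP.admin')"}
      Endorsement: {Type: Signature, Rule: "OR('CountryAMSP.peer')"}  # needs NodeOUs
  - &CountryB
    Name: CountryBMSP
    ID: CountryBMSP
    MSPDir: msp/countryB
    Policies:
      Readers:     {Type: Signature, Rule: "OR('CountryBMSP.member')"}
      Writers:     {Type: Signature, Rule: "OR('CountryBMSP.member')"}
      Admins:      {Type: Signature, Rule: "OR('CountryBMSP.admin')"}
      Endorsement: {Type: Signature, Rule: "OR('CountryBMSP.peer')"}
  - &CountryC
    Name: CountryCMSP
    ID: CountryCMSP
    MSPDir: msp/countryC
    Policies:
      Readers:     {Type: Signature, Rule: "OR('CountryCMSP.member')"}
      Writers:     {Type: Signature, Rule: "OR('CountryCMSP.member')"}
      Admins:      {Type: Signature, Rule: "OR('CountryCMSP.admin')"}
      Endorsement: {Type: Signature, Rule: "OR('CountryCMSP.peer')"}
Application: &AppDefaults
  Policies:
    Readers:     {Type: ImplicitMeta, Rule: "ANY Readers"}       # any listed org may read
    Writers:     {Type: ImplicitMeta, Rule: "ANY Writers"}       # any listed org may submit
    Admins:      {Type: ImplicitMeta, Rule: "MAJORITY Admins"}   # config changes need a majority
    Endorsement: {Type: ImplicitMeta, Rule: "MAJORITY Endorsement"}
    LifecycleEndorsement: {Type: ImplicitMeta, Rule: "MAJORITY Endorsement"}
Profiles:
  MultilateralChannel:            # ledger shared by nations A, B and C
    Application:
      <<: *AppDefaults
      Organizations:
        - *CountryA
        - *CountryB
        - *CountryC
  BilateralChannel:               # ledger distributed to nations A and B only
    Application:
      <<: *AppDefaults
      Organizations:
        - *CountryA
        - *CountryB
```

Because the ImplicitMeta rules are evaluated only over the organizations listed in each profile, a Country C identity satisfies no reader or writer policy on the bilateral channel. On that channel, "MAJORITY Admins" over two organizations means a configuration update must be signed by admins of both Country A and Country B.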

The channel ledger itself, not the consuming applications, acts as the common operational picture for all channel participants. So instead of requiring all users within the MPE to use the same application to read from and write to the ledger in the diagram, Country A and Country B could each use their own familiar indigenous application to read from and write to their copy of the distributed ledger, overcoming cultural frictions.

The value to you

Re-use existing MPE resources and/or shrink the size of new MPEs by using shared private channel ledgers to lower MNIS implementation cost and timelines. Specifically, HLF private channel ledgers could potentially:

Reduce MPE costs. Re-use existing MPE resources for new MNIS requirements by configuring and deploying new channels on existing MPE resources instead of standing up whole new environments. They could also reduce the size or eliminate the need for some types of MPE-provided application services.

Increase sharing. Ledger-level sharing reduces cultural frictions by enabling countries to use more of their own familiar indigenous technology. This reduces the need to find, develop, provide, and use common infrastructure and applications. Overcome inherent cultural resistance to sharing by providing enhanced security, provenance, and accountability via immutable ledgers and their fine-grained lifecycle security controls.

Provide more timely sharing and a widely distributed common operational picture. Seamlessly extend the ledger-provided common operational picture within and across shared and national domains by using blockchain cross-domain solutions with all its attendant advantages. Expand sharing by easily and securely deploying channel configurations to new or existing blockchain nodes.

Explore more about how blockchain can be deployed as your multinational information sharing solution through the IBM Blockchain Dev Center.

I look forward to more great conversations on the advantages of blockchain as a multinational information sharing solution. Also, be sure you read my previous articles, Blockchain as a cross-domain solution and Securing your cross-domain file transfers with blockchain.


IBM, Senior Certified Architect - The Open Group
