As discussed in previous articles, a blockchain network built on The Linux Foundation’sHyperledger Fabric, hosted on a high assurance platform, is well suited for secure information exchanges across network security domains — for example, exchanging unclassified information between an unclassified network and a classified network. One form of the cross-domain use case is multinational information sharing (MNIS), sharing information between one or more foreign nations.
Typically, a shared transport, computing and application services infrastructure environment — sometimes called a mission partner environment (MPE) — is established to host each specific set of national participants and facilitate their collaboration for a given purpose, either for long standing strategic information sharing or for conducting short term, joint tactical operations. Hyperledger Fabric (HLF) blockchain private channels, offer an exciting opportunity to shrink the number and size of each shared mission partner environment to essentially the ledger itself.
The problem with traditional multinational sharing architectures
Typically, MNIS is accomplished by building out new instances of MPEs to host the member-nations participating in bilateral or multilateral communities of interest (COI). Each instance of an MPE may be deployed with a range of supporting application services — for example, organizational messaging, e-mail with attachments, chat, file shares, web/portal, or others — intended to facilitate information exchange within the boundaries of the virtually or physically isolated shared network via shared applications.
But standing up and maintaining each new MPE requires considerable time and money. Additionally, the hosting technology, location and application services used in each shared environment must be acceptable by, and release-able to all participating parties. As U.S. Department of Defense Chief Information Officer Terry Halvorsen stated in a keynote speech at a FedScoop event in Washington, “It does me no good to have — at DoD — the best DoD information sharing system if I cannot share that better with allies. That’s more cultural than it is technology.”
And each MPE doesn’t stand on its own, it needs to exchange release-able information with each participating coalition member’s backend national network resources via a gateway. Each gateway between an MPE and a national network is implemented using traditional cross-domain gateways or guards. Deployment, configuration, accreditation, and operation of each cross-domain guard adds additional complexity, cost, and time to implementing and operating each MPE.
The blockchain MNIS solution: Shared ledgers as cross-domain capable MPEs
Blockchain private channels built on HLF offer the potential to shrink the number and size of shared mission partner environments. For each new MNIS requirement, simply define and deploy one or more private blockchain channels on new or existing MPE-hosted and indigenous-hosted peer and orderer nodes. Each digitally signed and immutably deployed channel configuration defines and enforces that coalition’s use-case specific sharing policies — the participating coalition members, shared ledger data fields, ledger-specific business logic, endorsement policies, element-level configuration change controls and fine-grained access controls. Channel communication between blockchain nodes occurs via channel-specific, encrypted, mutually authenticated TLS network connections. Additionally, the payload of each channel message is digitally signed and authenticated using separate (non-TLS) x509 public key infrastructure. The message payload itself may also be optionally encrypted by HLF-accessible crypto keys.
Each HLF blockchain channel can seamlessly extend beyond the MPE to each coalition member’s supporting national network via channel peer nodes hosted on a high assurance platform at each national cross-domain gateway as shown below.
This illustrates how two different coalitions can leverage the same MPE network by using separate HLF channels, one for each different coalition. A multilateral nation channel shares a ledger between all three nations (A, B and C). A bilateral nation channel distributes its ledger to only two nations (A and B). In addition, an MPE-hosted bilateral-only application is used by a joint coalition team of co-located end-users from countries A and B. The digitally signed and immutable channel configuration specifies that the bilateral application and country A and B users are authorized to read/write to the bilateral channel ledger.
The channel ledger itself, also acts as the common operational picture for all channel participants, not the consuming applications. So instead of requiring all users within the MPE to use the same application to read/write from and to the ledger in the diagram, Country A and Country B could instead each be using their own familiar indigenous application to read/write to their copy of the distributed ledger, overcoming cultural frictions.
The value to you
Re-use existing MPE resources and/or shrink the size of new MPEs by using shared private channel ledgers to lower MNIS implementation cost and timelines. Specifically, HLF private channel ledgers could potentially:
Reduce MPE costs. Re-use existing MPE resources for new MNIS requirements by configuring and deploying new channels on existing MPE resources instead of standing up whole new environments. They could also reduce the size or eliminate the need for some types of MPE-provided application services.
Increase sharing. Ledger-level sharing reduces cultural frictions by enabling countries to use more of their own familiar indigenous technology. This reduces the need to find, develop, provide, and use common infrastructure and applications. Overcome inherent cultural resistance to sharing by providing enhanced security, provenance, and accountability via immutable ledgers and their fine-grained lifecycle security controls.
Provide more timely sharing and a widely distributed common operational picture. Seamlessly extend the ledger-provided common operational picture within and across shared and national domains by using blockchain cross-domain solutions with all its attendant advantages. Expand sharing by easily and securely deploying channel configurations to new or existing blockchain nodes.
Explore more about how blockchain can be deployed as your multinational information sharing solution through the IBM Blockchain Dev Center.
Powerful technologies and expertise can help provide better data and help people better understand their situation. As the world contends with the ongoing coronavirus outbreak, officials battling the pandemic need tools and valid information at scale to help foster a greater sense of security for the public. As technologists, we have been heartened by the […]
In the past year, the IBM Blockchain Platform has made great strides in providing the most advanced tooling and deployment flexibility for building enterprise blockchain networks. Last September, we released a fully multicloud version of IBM Blockchain Platform software optimized for RedHat OpenShift and able to run on any Kubernetes-based environment. Today, we are excited […]
When we act as a global community to govern and resolve, we rely on openness, transparency, trust and authenticity in tandem with other stakeholders. Technology solutions, like blockchain technology, facilitate openness, transparency and authenticity. The world came to Davos for its 50th Annual Meeting since the World Economic Forum (WEF) has championed the Fourth Industrial […]