You can’t turn around today without running into a story about blockchain technology and smart contracts. In fact, one creative beverage company saw their stock climb 289 percent when they added the term "Blockchain" to their company name even though they have nothing to do with blockchain technology. Blockchain technology is one form of a secure, distributed ledger of transactions. In a distributed ledger, multiple copies of the secured information are geographically distributed and continuously synchronized, thereby providing redundancy, transparency, and (at least in theory) immutability. The data within each block is encrypted, but the existence of the block is visible to all participants. A distributed ledger can be a trusted source of truth in an untrusted environment. The most well-known application of distributed ledger technology is the management of bitcoin and other cryptocurrencies. However, the technology is also being used in a wide range of applications in which high-volume, secure, redundant, transparent record-keeping is critical. For example, Dubai is testing distributed ledger technology for health records, land title transfers, business registration, tourist engagement, and shipping.
What is a smart contract, anyway?
A smart contract (or smart agent) is a self-executing program that uses distributed ledger technology to store rules for a defined transaction, verify the request, and execute the agreed terms. For example, a subsidiary of RWE in Germany is running a smart contract prototype for electric car charging stations. The smart contract transfers payment for electricity used from the car owner’s digital wallet to the charging station provider. (“If electricity is used by X, then transfer €__ per kwh used from X to Y.”) Here are a just a few examples of smart contracts that are in testing or in production today:
- Peer-to-peer energy management: The Brooklyn Microgrid uses blockchain technology to facilitate neighbor-to-neighbor electricity trading from solar panels. If one member’s solar panels generate more electricity than the household needs, the extra energy credits can be sold to another neighbor automatically through a smart agent. Similar peer-to-peer power sharing projects are underway in Australia, Bangladesh, and Germany.
- Transportation and logistics: The Blockchain in Transport Alliance was formed in August 2017 by a number of transportationn and logistics companies (including UPS, FedEx, UPS and Penske) to develop industry-specific standards for smart contracts in trucking, transportation, and logistics. For example, a smart contract-based bill of lading could dramatically reduce shipping delays that arise when the shipment arrives before the bill of lading.
- Insurance: AXA is now testing flight-delay insurance that is managed and paid out through smart contracts. The AXA platform monitors air traffic databases and automatically triggers a payout when a delay of over two hours is registered on the distributed ledger. The customer doesn’t need to take any action to file a claim, and the system provides transparency to claims processing procedures.
- Financial markets: More than 100 global financial institutions joined the R3 consortium that just released an open-source distributed ledger platform to facilitate the development of smart contract applications for financial institutions.
What are the downsides and risks of smart contracts?
A smart contract is only as smart (and as secure) as the code in which it is written and the infrastructure in which it operates. For example, in May 2016, DAO, an open source smart-contract-based investment fund, raised over $150 million of cryptocurrency within 27 days. During this time, a paper was published identifying a number of security vulnerabilities in the infrastructure. A month later, hackers siphoned off $50 million in an attack that exploited a number of vulnerabilities, including the ones identified in the paper. Smart contracts are built for binary conditions, but the physical world isn’t binary. Slock.it in Germany has developed a prototype to use smart contracts to automate renting Airbnb apartments. When payment is made, the smart contract unlocks the door. What happens if you open the door to find that the room was not as advertised or has non-working heating or plumbing? Non-binary (real-world) contracts include ways to address and resolve disputes. Smart contracts are based on interfaces, business rules, and data. As technology evolves, the smart contracts will need to be upgraded in order to maintain compatibility with the operating platforms and continue to operate correctly. “Immutable records” still need to be able to be read in order to be useful. Cybersecurity best practices and attack vectors will continue to become more sophisticated. Both the code used to create smart contracts and the platforms on which they operate will also need to be reviewed regularly for newly-discovered vulnerabilities. Smart contracts provide the next opportunity to streamline and automate many routine transactions as well as the next opportunity for hackers to disrupt those processes.
Zero Trust and the Seven Tenets
Understand the principles of Zero Trust in cybersecurity with Tripwire's detailed guide. Ideal for both newcomers and seasoned professionals, this resource provides a practical pathway to implementing Zero Trust, enhancing your organization's security posture in the ever-evolving digital landscape.