By Chris Adkins, chief scientist at Identify3D
Modern manufacturing is driven by digital data that must be secured. The transition from the classic engineer–manufacture–distribute model to the Industry 4.0 model of engineer–distribute–manufacture means that manufacturing and IT teams must address the implications of digital IP information flowing across engineering, distribution, manufacturing, and logistics/tracking.
Is blockchain the solution?
Applications for blockchain technology have exploded: from cryptocurrencies to medical record-keeping—and across commercial and government sectors. Many of these applications tout security as a key advantage provided by blockchain. As digital manufacturing becomes an integral (sometimes the primary) technique for many manufacturers, ensuring the integrity of the so-called digital thread is a top concern.
So therefore blockchain would be the perfect solution for the needs of manufacturers? To some extent, it may appear so.
The core structure and components of blockchain technology provide an immutable record of data that can be verified and shared by a group of semi-trusted members. A blockchain is composed of a set of sequential data blocks, each with a secure hash digest that represents the fingerprint of the data and links the data of the current block with the data of all previous blocks.
Once a new block of data is presented as a candidate for the blockchain, all members have the ability to check that the hash digest of the candidate block is valid, and that there are no changes to any previous data on the blockchain. This ensures the integrity of the entire set of data blocks—making it a candidate for securing a digital-manufacturing supply chain.
In fact, the application of blockchain technology in the manufacturing sector has not necessarily lived up to expectations. A recent Gartner study found that 90% of blockchain-based supply-chain projects are failing “due to a combination of technology immaturity, lack of standards, overly ambitious scope, and a misunderstanding of how blockchain could, or should, actually help the supply chain.”
How is it that a technology offering decentralization, immutability, security and transparency is apparently not measuring up in the manufacturing sector? To answer this question, let’s look at how well blockchain addresses the three paramount concerns of manufacturers: confidentiality, authenticity and integrity.
Confidentiality can be understood as simply protecting data from being accessed by unauthorized parties. In traditional systems, access control, along with data encryption, protect the privacy of data. However, with blockchain, access control is much more difficult because each node in the blockchain network has access to the full dataset. Therefore, the same level of data protection must be implemented at each node. A single member with poor cybersecurity protections may leak confidential data. Even though technological options for data encryption within a blockchain network are emerging, cryptographic key distribution and protection at each node is extremely complex. Complexity in cryptographic systems always leads to vulnerabilities. Blockchain rating for confidentiality: D
Authenticity certifies that the data accurately characterizes what it purports to represent. Blockchain does provide a robust, shared record of data and this aspect should not be confused with authenticity. Although blockchain provides an immutable record of all transactions accepted, there is no guarantee that the data generated outside of the blockchain is authentic. With ledger-recording applications, for the data to be meaningful, it should represent genuine transactions, operations and processes actually taking place within the supply-chain workflow. The blockchain only verifies that the stored data conforms to a predefined rule agreed to by the participants. So, there is a gap between the blockchain input, and where and how the data actually originated, allowing for modification and forgery. Blockchain rating for authenticity: C
Integrity refers to the assurance that data has not changed since it was stored within a system. Data integrity is perhaps blockchain’s strongest attribute. A hash-linked chain of data blocks provides a very strong defense against data modification. However, blockchain still has the same type of cybersecurity vulnerabilities as centralized solutions. For instance, an attack on a single node can modify the node’s local blockchain data without knowledge of that node’s owner. Nevertheless, blockchain provides a solid basis here. Blockchain rating for integrity: A
To determine whether blockchain technology is a good fit for your manufacturing supply chain, ask these three questions:
1. Do all members of the consortium want to freely share data?
If data confidentiality is a concern, then you should consider additional technologies that complement the standard blockchain solution. These can be privacy solutions built into Hyperledger Fabric or Sawtooth, or industry-specific solutions that sit on top of the blockchain to provide data encryption and access controls.
2. How will you authenticate the data that is added to a blockchain?
A thorough understanding of the risks associated with unverified data is needed in order to determine which data must be authenticated as it moves into or out of the blockchain. Once the requirements are understood, then select a robust external system that provides the desired level of authentication. For instance, if a manufacturing policy required to produce a part is stored on the blockchain, then that system must enforce the policy during the manufacturing process to ensure quality standards are met.
3. Is there a third-party audit or certification party that requires access to important data within your supply chain?
There are two important considerations to assess to enable auditing capabilities.
- Determine the exact data required by the auditor and then ensure there is a robust oracle solution that extends the reach of the blockchain to protect the integrity of this data at its source.
- Ensure that only the auditing participant has access to data that must be kept confidential from other members. In order to do so, traceability and authentication mechanisms targeting specific data throughout the digital supply chain must be implemented.
Like any ground-breaking technology, the application of blockchain in supply chains boils down to its use cases. Too often, a technology is promoted ahead of the potential issues and challenges it is supposed to resolve—the classic “hammer looking for nails” conundrum. If there is a limited number of stakeholders, no intermediary to disintermediate, a high requirement for authenticity and confidentiality, blockchain might not be the right solution. If that is not the case and data integrity is paramount, then it might just be the right fit.