Select Page

“The digital identifiers anchored on a blockchain such as CORD do not contain Personally Identifiable Information (PII) or Sensitive Health Information (SHI) of the data principal.”

To deal with the problem of cyber incidents which are becoming increasingly sophisticated, and are posing significant threat to the confidentiality, integrity and availability of data, the Union Ministry of Home Affairs has set up the ‘Indian Cyber Crime Coordination Centre’ (I4C).

A major initiative for law enforcement in cyberspace, I4C is equipped with technology, manpower and authority to deal with all types of cyber crimes in the country, in a coordinated and comprehensive manner. Blockchain is among the technologies that are being used to strengthen the cyber defences of critical institutions.

On the subject of how blockchain technology can be a potential tool for strengthening cyberspace, Satish Mohan, Founder and CTO, Dhiway, spoke to ETGovernment.

Edited excerpts:

How can blockchain technologies be leveraged to ensure the integrity and security of digital identities?

In modern digital ecosystems, everyone must be able to manage and govern their digital identity and digital identifiers. Blockchain-anchored digital IDs enable both these capabilities while also enabling data tamper resistance. Self-verifying digital IDs based on cryptography result in more secure data exchange and reduce the risks to any relying party from tampered or out-of-date data.

What are the key cybersecurity challenges that blockchain-based approach is being used to address? How does this approach help in reducing the spate of cybercrimes in India’s cities and towns?Cybercrimes add social engineering with access to data (often PII) to be successful. When the data exchange between verified entities and the extent of the data can be managed through a consent mechanism of the data principal, the footprint of the crime is reduced. Rethinking the simple acts of “trust” via data exchange in terms of “verifiable data exchange” ensures that the data principal can demand the credentials of the relying party or verifier. Verifiable data exchange will also mitigate the flawed approach of “gathering as much information as possible” instead of acquiring only purpose-specific data points.How does blockchain-based identity and access management mitigate the risk of financial fraud in digital transactions?A foundational requirement for any digital transaction is trust. The transacting parties must have the means of requesting, receiving and verifying the necessary data points, enabling them to proceed with a trust task such as a digital transaction. Blockchains like CORD aid in this verification process, thus establishing one aspect of digital trust. The other aspect emerges from the existence of digital data registries built on CORD, which allow anyone to verify the legal existence of a business along with additional contextual information that the business offers. These capabilities help address the unknowns that create the perverse fraud incentives.

Give us some examples of real-world scenarios where blockchain technology has been deployed for dealing with cyber threats and preventing identity theft?

<p>Satish Mohan, Founder and CTO, Dhiway</p>
Satish Mohan, Founder and CTO, Dhiway

The FinTech and Telco sectors have been leading in implementing blockchain technology to manage digital identity and have robust KYC processes. Some large banks (such as Santander, JPMC, UBS, and others) have adopted distributed ledger-based approaches such as blockchain to deliver high-quality KYC and AML workflows and comply with regulations. In the case of telecommunications, service providers use blockchain technology to mitigate the risks from the exchange of phishing and spam messages, which are one way for cybercriminals to reach victims.

In what ways does blockchain ensure the privacy of user data while maintaining the transparency and immutability inherent in blockchain technology?

The digital identifiers anchored on a blockchain such as CORD do not contain Personally Identifiable Information (PII) or Sensitive Health Information (SHI) of the data principal. The data principal has the agency to share and disclose information selectively instead of the “all or nothing” pattern we are accustomed to. Like the “zero party data” model, this approach ensures that more purpose-specific information is exchanged between parties, reducing the available data points to be breached and traded.

How does this solution handle scalability concerns, especially considering the growing volume of digital identities and transactions?

Any implementation of the CORD blockchain is designed for scale-out and scale-up. While the minimal compute, memory and storage requirements are sufficient for high-volume transactions, the blockchain implementation can be configured according to the business needs to deliver both high-speed transactions and low latency.

Is this blockchain technology compatible with India’s regulations, especially the data protection and privacy laws?

During the design and development of the CORD project, we have been mindful of the emerging landscape of data regulation, data exchange, privacy, and notice and consent frameworks. This helped us participate in some conversations while simultaneously building and designing CORD so that early adopters would be wholly aligned with the regulatory requirements around data governance.

How do you see blockchain technology influencing the future of cybersecurity?

As data confidentiality, integrity, and continuous data assurance become integral to the dynamic data economy, we see technologies like the CORD blockchain offering enterprises plug-and-play frameworks that align with emerging cybersecurity trends. The ability to offer authentic data streams, with provenance through cryptography, helps formulate IT policies designed to address and mitigate risks arising from exchanging tampered or morphed datasets, creating a high-risk event.

What kind of growth are you expecting in India’s market?

The availability of a blockchain-based trust infrastructure at the national level in the form of Confidex (from ONDC) and other deployments of the CORD blockchain framework provides the essential foundation. These digital public infrastructure (DPI) allows the emerging needs around verifiable data streams across business domains such as education and skilling, travel and hospitality, fintech, and health services. The availability of reusable digital identifiers linked to verifiable credentials and data will spur the growth of digital services built around the exchange of authentic data. We are looking at a period of adoption where the design and delivery of new services and unique consumer experiences are possible primarily through DPIs and personal agents such as wallets.

  • Published On Mar 28, 2024 at 05:40 PM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETBFSI App

  • Get Realtime updates
  • Save your favourite articles

icon g play

icon app store


Scan to download App
bfsi barcode

Share it on social networks