Treasury Today Country Profiles in association with Citi

Sibos 2018: Cyber-security and blockchain pose questions about individual responsibility

Circuit board with padlock lit up in the middle

Blockchain and cyber-security were hot topics at Sibos and a common thread ran between the potential of former and challenge of latter: the exercising of individual responsibility.

As possibly the single most powerful concept to have emerged from the fintech industry – some would say the most hyped – blockchain was one of the major talking points at Sibos in Sydney. But while blockchain is generally associated with notions of decentralisation and transparency much of the discussion at Sibos revolved around public and permissioned blockchains.

The differences between public and permissioned blockchains are marked. On a public chain anyone can be a user; a prime example of course being the bitcoin chain.

For the financial sector though, with regulations like KYC and AML major issues, permissioned blockchains operated by known entities such as banks are seen as more appropriate. They place restrictions on who is allowed to participate on the network and participants need to obtain an invitation or permission to join.

Governments, banks and fintechs globally are working on application of blockchain across public and commercial sectors. The Australian Stock Exchange, for example, has been experimenting with the technology for securities settlement but its blockchain is strictly private: ASX is very firmly of the view that cryptography, being breakable, cannot be trusted for high value financial transactions.

An interesting blockchain experiment earlier this year saw the central banks of Singapore and Canada connect their respective blockchains, called Ubin and Jasper. Although these and many other demonstrations of technical feasibility are impressive, there are numerous issues to address before even the most enthusiastic central banks embrace blockchain for fiat currency.

The trillion-dollar problem

Another big topic at Sibos was cyber-security – not surprising since it costs the world US$1trn or more (3-5% of global GDP of US$88trn in 2018 by one estimate). Apart from the economic damage caused this means the bad guys are very well funded indeed. Perhaps even more worryingly, there is “honour amongst thieves” and effective global collaboration amongst them. Meanwhile, the ‘good guys’ have failed to ratify an already outdated 2001 Budapest Convention, the first international treaty seeking to address internet and computer crime by harmonising national laws. Governments have failed miserably so far to work together to combat cybercrime.

On the matter of who the bad guys are, the consensus seems to be that the criminals working through a presence on the dark web are a bigger threat to banks than nation states and hackivists. It may be some relief to reflect that the dark web does not want to kill their golden goose, so would be unlikely to deliberately bring down the banking system itself.

So, what can we do? There was wide agreement at Sibos that security technology per se is broadly adequate, the big caveat being that it only works when properly set up. Most hacking seems to be social hacking and exploits human laziness or lack of care when interacting with the web. This prompted talk of educating the population about “cyber hygiene”, just as people were taught to wash their hands a century ago, delivering huge benefits for global health.

Key elements of cyber hygiene include:

  • Activating passwords and two factor authentication and biometrics on devices.

  • Changing the passwords on all newly bought internet enabled devices immediately after unwrapping rather than leaving them on factory set passwords.

  • Applying security patches promptly.

There is a common thread running through developments in blockchain and rise of cybercrime and it relates to individual responsibility. Cyber-security relies on individuals and companies to exercise proper cyber hygiene but this is an effort and represents friction on the internet when most people just want a smooth experience.

In a similar way, the notion of “self-sovereign identity” on the blockchain aspired to by its enthusiasts is an antidote to a world wide web that for critics has become a “dopamine slot machine”. Yet are people really willing to spend time and effort on curating their own identity on the web? Humanity has a long track record of accepting central control so long as it is convenient.