Department of Health and Human Services
HHS received the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) directive to implement security monitoring. CDM relies heavily on log data, which are digital records that help determine what has happened at any given point on a system. However, logs can be corrupted, provide inconsistent data, or contain vulnerabilities. If the data from these logs cannot be trusted, damaging security vulnerabilities and unreliable CDM reports can result. Because some data was unreliable, employees spent months trying to find the sources of identified issues, sometimes never discovering what was changed, by whom, and where.
Octo aimed to create a quick source of truth and usability to ensure logs could not be changed, were available in real-time with minimal impact to daily operations and cost, and were secure. To meet this goal, Octo created Logchain, the first blockchain tool to be used in the Federal Government for cyber security purposes. Using blockchain to analyze transactions, Octo was able to track data that had been deleted or updated, identify who made the changes, and locate the machine on which the changes were made. By using this emerging technology, HHS could also add other customers or programs through nodes that could replicate the functionality of this proof of concept to encompass all areas of HHS.
Logchain proved agency leaders can identify and document what occurred during any transaction via the blockchain network through a process that can be implemented enterprise-wide. This creates a system with less vulnerability and data that can be trusted, saving time while boosting security. Additionally, CDM requirements can be met more rapidly and with greater confidence than ever before.