By Cesar Tavares, Sr. Director of Technology and Innovation
Octo is known for its innovative solutions to complex problems. While we demonstrate this daily, one project continually surfaces, illustrating what we mean by innovation: Octo applied blockchain in the public health care sector to boost cybersecurity for the U.S. Department of Health and Human Services (HHS), a history-making first for the agency in charge of fostering sound, sustained advances in medicine, public health, and social services. The result? A scalable solution that can be implemented in almost any agency to strengthen cybersecurity and keep data secure.
The problem of securing health data
It started with cybersecurity compliance. Launched in 2012, the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program was developed to help agencies strengthen their security posture by, in part, improving federal cybersecurity response capabilities. This requires consistent monitoring. HHS received the CDM directive to implement security monitoring.
CDM relies heavily on log data, which are digital records that help determine what has happened at any given point on a system. However, logs can be corrupted, provide inconsistent data, or contain vulnerabilities. If the data from these logs cannot be trusted, there can be damaging security vulnerabilities and unreliable CDM reports. Because some data was unreliable, employees spent months trying to find the sources of identified issues, sometimes never discovering what was changed, by whom, and/or where. Having an established, trusted relationship with HHS, Octo aimed to alleviate this problem.
A blockchain solution for federal health
Using emerging tools and technology, our team developed a quick source of truth and usability to ensure logs could not be changed, were available in real-time with minimal impact to daily operations and cost, and were secure. How? Team Octo created Logchain, the first blockchain tool to be used in the Federal Government for cybersecurity purposes. Using blockchain to analyze transactions, Octo was able to track data that had been deleted or updated, identify who made the changes, and locate the machine on which the changes were made.
The most innovative element of this emerging technology solution was the use of blockchain and its inherent provenance as a cybersecurity audit tool. The addition of an automated capability for tracking log files as they were created and modified expedited audit time and increased audit accuracy while reducing required effort and resources to conduct the audits.
Blockchain technology provides government with stronger cybersecurity
Using blockchain-powered Logchain, HHS auditors were able to review more than 10,000 log files in hours – not months, as the process previously required. Auditors were able to investigate deeper issues and analyze trends in the data, not pore over mountains of data. Harnessing blockchain, Logchain enabled the massive time audit savings and the secure, quick source of truth and usability HHS needed. It ensured logs could not be changed and were still available in real-time with minimal impact on daily operations and cost. Logchain strengthened HHS’s security posture by allowing issues with log files to be identified much sooner, permitting timelier response by HHS security personnel.
Logchain offered other potential benefits for government cybersecurity. First, by using this emerging technology, HHS could add customers or programs through nodes that could replicate the functionality to encompass all areas of HHS. Second, Logchain proved agency leaders could identify and document what occurs during any transaction via the blockchain network through a process that could be implemented enterprise-wide. This could create a system with less vulnerability and data that can be trusted, saving time while boosting security. Third, Logchain allowed CDM requirements to be met more rapidly and with greater confidence than ever before. Finally, the solution could be paired with AI and other technologies to boost effectiveness and reach.
ACT-IAC says in its Blockchain Playbook, “Blockchain has the potential to help government mitigate fraud, reduce errors, and lower the cost of paper-intensive processes, while enabling collaboration across multiple divisions and agencies to provide more effective and efficient services to citizens.” Octo recognizes this and continues to use blockchain to develop a variety of solutions for federal customers. For information on how Logchain and other blockchain solutions can secure your federal government agency’s data, reach out to a member of our team.