A conversation with Promontory’s Dr. Phyllis Schneck

By James M. Marconi
Director of Public Relations, NDTA

Fast, secure, transparent. These qualities define the technologies that are transforming both personal and business transactions.

One such technology, blockchain, enables the cryptocurrency Bitcoin. But blockchain’s potential value extends far beyond digital money. Several organizations are experimenting with blockchain’s possibilities for the global supply chain, everything from managing food fraud to ports and shipping.

Dr. Phyllis Schneck, currently the managing director of cyber solutions at Promontory, is a cybersecurity expert who will deliver a featured presentation on blockchain technology and another business enhancer – big data – at this year’s NDTA-USTRANSCOM Fall Meeting in St. Louis.

Schneck provided a brief overview of both topics during a conversation with DTJ. The following is the second part of the interview (part 1 is available here), and has been edited for length and clarity:

DTJ:  I appreciate that overview. You touched on this with a couple of points, but at a broad level, what’s the practical value in using blockchain technology?

Dr. Schneck:  You can harness distributed computing power to enable high-integrity tracking and records, so you don’t have to have a really big, expensive machine in one spot. To create a global system that tracks transactions – whether it’s supply chain or financial – you’re creating a global event log, or ledger, that can’t be modified, it can’t be erased and has a historical timestamp to it.

There’s a lot of value in that, whether you’re trading a currency or making sure a watermelon that came in from another country is stamped as to where it came from, for tracking diseases or simply freshness. You can help the integrity of your food, your machine or auto parts products supply chain. So it does have a lot of possible uses.

DTJ:  As you just mentioned, the technology is decentralized, which in Bitcoin’s case made it difficult to resolve disputes over technical issues and upgrades. How can blockchain be adapted to work for specific companies or government organizations, and what are some of the challenges involved?

Dr. Schneck: There are a lot of challenges, but there’s a lot of good, as with many new technologies. It’s really good to be able to be a part of this conversation in the early stages of how it gets adopted, because you will have some of the best minds in the world focused on some of the cybersecurity issues as well, making sure the transactions themselves are safe.

So some of the things I think it adapts well to – I know we’ll try to cover it at the Fall Meeting, especially on the shipping side – are things that IBM is really working on with supply chain, for example your food system.

If you think back to a couple of years ago when you had certain produce that was causing people to get sick, it took them a couple of weeks to figure out what farm some of that produce came from. And if you think about what you could do now with a more computerized, distributed event log of where things were shipped, where they came from, you would have a much faster, more rapid ability to identify the source. And you could actually improve quality of life for people. You can also show food freshness, food provenance.

There are a lot of different applications for this, including even software. I spoke at RSA a couple of years ago about software provenance and specifically malware provenance – where does software come from and who made it? And it may be that in the future, there is a way to track where certain computer code comes from.

Now the challenge is, they’re going to be leveraging that distributed nature. It’s great because you get a lot of computing power without buying a massive multi-million dollar machine, but it’s also I think very difficult to narrow down any issues, for example in a global system where something might not have been able to be processed or where there was a computer fault.

If you’re one company using it, you have more control. Again, it’s just a concept – you can set up a blockchain infrastructure that’s not controlled by people you don’t know. Bitcoin is global and anyone can join the crowdsourced computer processing effort, but in a company or more closed group you would have more control over who is providing the processing, and some of those challenges would go away.

DTJ: So the equivalent of Bitcoin miners would all be internal to one organization, if that’s accurate?

Dr. Schneck: It could be, but if you look at technology like “cloud, “ the advantage comes from economies of scale, having potential points of massive processing that are not controlled or maintained by you. This will create an interesting set of decisions that point back to risk management, where I think Promontory will have a significant role given the unique expertise. It goes back to understanding what your configurations should be for the exact application, how to manage risk, and how to keep regulators informed and, of course, happy.

DTJ: And you’ve obviously mentioned a couple of the applications that are currently being explored. Could you go into a bit more detail about some uses of blockchain or other cyber technologies that Promontory/IBM are currently pursuing?

Dr. Schneck: So our role at Promontory really has been to work with boards of directors to mitigate regulatory and technology risk and determine what is best of the overall business. We have the hard conversations that say ‘what is the impact you can sustain’ – for example, a ransomware event or a hardcore cyber intrusion, or for example, something like what happened with Saudi Aramco a few years ago when tens of thousands of computers went dark. How do you react; how do you pop back up; what’s your investigative strategy; what’s your incident response?  Resilience is key.

We don’t implement, as Promontory, the blockchain, but IBM is doing extensive work in this area with many, many different sectors. They not only are world experts in the use of cryptographic technology, encryption, in this case, or public key technology, but also in high-speed computing. So those are the items that will underpin any blockchain infrastructure.

DTJ: Once it’s more developed, the technology seems to hold a lot of promise. What do you see as the overarching implications for business – and should we expect to see this technology more and more in coming years?

Dr. Schneck: I do think you’re going to see blockchain technology – again, the concept. So many people equate blockchain with Bitcoin – this is not about Bitcoin. Bitcoin is an electronic currency whose transactions have been enabled by blockchain technology. I think you’ll see the concept of a massively high-performance computing and cryptographically enabled event log, or ledger, become pervasive and used for many different efforts.

And in shipping – if you imagine  a container, if you look at where some of these large ships come in at the ports, and they unload container after container and they’re labeled or they have paperwork, eventually they could have a code on them that goes back to blockchain technology that you just scan.

And it will tell you immediately where this came from, who had it last, what’s in it, all the details about it, and then – probably with just a scan – you’ll electronically add its next step. That’s a very simple example, and they’re not using blockchain technology for this, but I think they will soon.

And if you take this to a blockchain technology, that gives you the ability in worldwide shipping to track millions of packages. I know from my experience at DHS, one of the unsung heroes of our way of life is the maritime sector, and the ability to do this global shipping. The Coast Guard has a piece of this, from investigative as well as safety.

And the ability to track this information – if you think about the amount of material that is shipped, where it’s shipped, is it legal to have it there, trade restrictions, health restrictions – and I think the use of this electronic ledger that can immediately show you an immutable record will add a lot of value for us.

IBM just released a new mainframe, they call it Z, but in a very high level overview, it gives you speed. They have put encryptions straight into the very chips, and that enables you to do things like blockchain and other cryptographic operations for authentication or confidentiality faster than we’ve ever been able to before. It integrates them, in a much more smooth way, which in turn provides new efficiencies to business. I think you will see this as a result become pervasive, and this level of performance become at some point expected – just as “high-speed Internet” changed the way we all can watch TV and movies on demand.