A conversation with Promontory’s Dr. Phyllis Schneck

By James M. Marconi
Director of Public Relations, NDTA

Fast, secure, transparent. These qualities define the technologies that are transforming both personal and business transactions.

One such technology, blockchain, enables the cryptocurrency Bitcoin. But blockchain’s potential value extends far beyond digital money. Several organizations are experimenting with blockchain’s possibilities for the global supply chain, everything from managing food fraud to ports and shipping.

Dr. Phyllis Schneck, currently the managing director of cyber solutions at Promontory, is a cybersecurity expert who will deliver a featured presentation on blockchain technology and another business enhancer – big data – at this year’s NDTA-USTRANSCOM Fall Meeting in St. Louis.

Schneck provided a brief overview of both topics during a conversation with DTJ. The following is the first part of the interview (parts 2 & 3 available here and here), and has been edited for length and clarity:

DTJ: Dr. Schneck, we’re looking forward to your presentation at the Fall Meeting, and I appreciate you taking some time to chat today. I’ll admit, I don’t know very much about Promontory – could you talk a bit about what the company does, and your role within it?

Dr. Schneck: Absolutely. Promontory built their business and reputation over the past 15 years helping the financial sector at a very senior, board of directors level, employing people that basically built the field of financial risk management and business-driven regulatory compliance.

Our CEO is Gene Ludwig, who is the former comptroller of the currency. He built up the firm to help financial institutions over the past 15 years not only achieve regulatory compliance, but to really manage risk from the top.

I joined in April to take over a solid existing cybersecurity practice, and take it to the next level. I come out of several years of being a CTO [chief technology officer] for the global public sector at McAfee (when it was part of Intel), and then did almost four years at the Department of Homeland Security as the deputy undersecretary for cybersecurity and communications, running the defensive cybersecurity mission for the federal civilian government and private sector, which is the risk and mitigation of cyber threats from a technology and global policy perspective.

I’m an operator, I’m a programmer, I’m a coder, and I have worked with senior policy officials in multiple governments to help our own, but most importantly I’m a person who really enjoys the field of cybersecurity. I came to Promontory to work with all of these experts in the field of risk management in the financial sector and onward, whether it’s electricity or water or business or retail, to build out what we can do in cybersecurity to help customers use cybersecurity and risk management as business enablers.

As you know, everything today is connected, whether it’s shipping or health care, and we want to make sure that we use and enjoy that technology, but keep it safe. And Promontory was acquired in November 2016 by IBM, which gives us a whole new world of advantages with their technology that is building and using some of the fastest and most capable computing power on the planet.

Where we can build risk management strategy, IBM can also help to implement it. They have cyber incident response; they have probably the world’s fastest computing, certainly the world’s fastest encryption. And when I’m at your Fall Meeting, I’m representing a combination of Promontory and IBM to support taking this blockchain technology forward in all the different areas.

DTJ: In the past few years, I’ve seen more and more news stories about the blockchain technology that underpins digital currencies like Bitcoin. The technology has a number of other potential applications, which we’ll get to in a minute. For a general audience, how would you describe what blockchain is and how it works?

Dr. Schneck: The concept of blockchain itself existed many years ago – I believe decades ago. In the world of cryptography, when you think about what you do to something, the changes in that object affect the next object. So if you think of a chain, and if you do something cryptographically, or say mathematically, to one link, the next link to it is going to be different. And so that concept has existed for years.

What they’re using that concept for now – and obviously with cryptographic techniques (which is probably Klingon for saying a lot of big math) done to enable this – started in this context with what many people call a ledger. In the old days before the bank kept your checking account for you online, you’d have to write in the money you make, what you deducted from a check, and record every transaction, to keep an accurate personal record of how much money was left in your account.

What blockchain was first used for was with these virtual currencies, to ensure accountability and to maintain immutable records of all transactions. Did you actually make this transaction? Can we make sure that the transaction can’t be altered or deleted?

You can’t undo the fact that the transaction was done. You can’t say, ‘I spent $30, not $40.’ You can’t change it. Something that’s very important in the field is called non-repudiation. You can’t come back and say ‘hey, I didn’t do that’ because the way the public key crypto-system works is there are two keys, a public and a private key, and only you have your private key; it’s a secret. So if it was done, it was done by you. So again you can’t come back and say, ‘I didn’t do it.’ When a transaction happens, the owner and the event are noted forever.

Blockchain, as it’s used today, also includes a nice feature. It can timestamp a transaction, so you can’t say ‘hey, that was done on that Tuesday’ when it was actually done five weeks later. And you can only add to it; you can’t actually erase it, you can’t take away any of the history. So all these characteristics really go into building a system that has allowed itself to preserve the integrity of all transactions, no matter where they are processed or recorded. This is what is known as ‘distributed’ in computer science, which means there are a lot of different points.

There’s no central hub. So these transactions in the virtual currency application [Bitcoin] involve many people all over the world, from students to people with hobbies to people with extra computer processing (most of us have machines that are idle much of the day, and many people choose to donate that time to Bitcoin or other processing). They are what they call Bitcoin operators who use their spare computer cycles to do the math to enable this global ledger to enable the virtual currency we all know as Bitcoin.

They do say it’s anonymous; I’ll argue that from the investigative perspective. I don’t think that it’s truly anonymous – I believe as a scientist that there are ways, just by mathematical patterns, that likely can be used by law enforcement investigators to make some of the Bitcoin transactions not anonymous. That doesn’t mean it isn’t very hard and that Bitcoin transactions are not anonymous for virtually everyone. Just don’t rule out the possibilities.

But what is nice about that distributed setup is what they call “peer-to-peer.” I can do a transaction just with you, without going through a central hub, but it makes it onto the ledger and it can’t be erased, and it’s there for all.

One more nice thing about this, you can automate it. So, when you’re using technology like this, you can say, for example, if Phyllis sends $4,000 this month, I want these things to happen: I want a message sent here, I want this transaction to happen there. So you can actually use the power of computing to make things happen based on transactions and affect the ecosystem as well as other transactions. I often like to compare the Internet ecosystem to the weather, and this is a bit of the analogy of a butterfly flapping its little wings in Australia having climate effects in say Arizona.