I don’t pretend to understand blockchain, but I have been doing my best over the past couple of weeks to get my head around it. So I have delayed writing about a fascinating IMO initiative that brought about 50 IMO member representatives and others together for a couple of days earlier this month (14-15 October) for a workshop, ‘Blockchain for maritime decision-makers’.
I only attended the first day so I won’t pretend that I am now an expert on blockchain and I didn’t qualify for the end-of-course certificate, but I can offer you six takeaways from the first day.
The first is that blockchain is here to stay. Organising the event for the IMO was the Singapore-based blockchain specialist Navozyme and the Nautical Institute, the professional body for deck officers. Its director of projects, David Patraiko, told ShipInsight that professional development for its members “shouldn’t just improve safety but also commercial effectiveness” and that “blockchain has the potential of addressing some of our industry’s big challenges for trustworthy certificates, effective documentation, fatigue and cyber security.”
My second takeaway is that you can’t beat old-fashioned paper to learn about new technology. Since it was a workshop, we were expected to muck-in with a couple of group tasks: one required us to understand enough of the structure behind blockchain to arrange some sheets of paperprinted with letters and numbers into their correct sequence, as if they were blocks in a chain. I confess I contributed little to my group’s understanding of the exercise; I’ll stick to arranging words in the right sequence.
Of course, it is not necessary to understand how blockchain works to be able to use it, any more than it is necessary to know how an engine works to drive a car but for those making decisions, knowing its mechanics may inspire initiatives that those of us who are mere drivers will later benefit from. So one of the keynote speakers, Prof David Shrier – of the MIT and Oxford University and who was described on the workshop publicity material as ‘blockchain guru [and] cyber security expert’ – went into a level of detail that I will not attempt to convey here.
But my third takeaway comes from his presentation: that blockchain is no more than “a database with special features”. Those features make the data immutable – it provides a permanent record – it is distributed – which avoids creating data silos – and transparent – making it “a vehicle for trust”, he said. All this, he said, makes blockchain-enabled data “1,000 times” more secure than normal data storage.
This brings me to my fourth takeaway: don’t get complacent. “Blockchain is not magic; it’s not a silver bullet,” Prof Shrier said during the Q&A session, with cyber security necessary “across every aspect of it.” Although a blockchain database cannot be changed once data is written to it, “what happens if someone gets between you and the blockchain database?”– a so-called ‘man-in-the-middle’ attack – he asked.
It is not blockchain that is at fault in those situations, he suggested. So why, I asked him, are there often reports of crypto currency thefts from supposedly-secure blockchain deposits? In August, for example, Forbes reported that more than $4Bn of crypto currency had been stolen in the first six months of this year, up from $1.7Bn in the whole of 2018. That does not sound very secure to me.
In part, he blamed account holders. “If you have a better lock on your door and you leave the keys lying around, your lock is not going to do anything for you,” he said. Extending the metaphor, “you might have put a pretty good lock on the door, but then you didn’t lock the window.” In other words, the exchange itself might have poor cyber security. In short, crypto currency theft “is basically human error.” That Forbes report supports his view, describing how thefts have generally followed phishing and other tricks to take over both user and administrator accounts. As one delegate commented from the floor, “blockchain has been hacked but it has never been cracked.”
So what should shipping companies do to avoid similar problems? “You need to have your chief information security officer as part of the discussion,” Prof Shrier told me. And if you don’t have such a person? Then “you should … and that person should be certified by a major accrediting body for cyber security.” They should hold a Certified Information Systems Security Professional (CISSP) qualification, which he described as “a very high level with a very difficult exam.”
My fifth takeaway is that there is more than one blockchain type. Later in the day I asked Navozyme co-founder Anjaney Borwankar whether maritime data and information – such as that used, for example, to verify seafarers’ certificates, which was mentioned as one potential use for the technology – could be compromised in the same way as crypto currency storage.
“Wherever there are humans, there’s a risk,” he said, but he noted that the currency protocol is public, “which means that anyone … can participate in that blockchain.” By contrast “all the systems we are talking about in the maritime world are closed systems.” In these, to take part “you have to prove who you are and the rest of the players have to agree that you are valid to enter the group.”
That does not mean that a ‘bad actor’ could not gain entry, “but they would be detected very fast” and because a contract would have been signed to enter the group, there would be legal implications for such a participant.
My sixth takeaway stems from the fifth. There are a number of blockchain types and they do not talk to each other. A delegate from one of the larger flag states pointed out that he could email a copy of a certificate around the world and it did not matter what email system the recipient was using. But if he switches to a blockchain-enabled alternative, “how will your system talk to some other system of blockchain?” he asked.
Mr Borwankar acknowledged that interoperability between systems was “a very important piece of the puzzle.” At the moment, though, it is a missing piece. “There is work going on in the laboratory [where] this has been solved but real-life large scale implementation it is yet to be seen in action,” he said.
He compared this situation to other technologies where different standards exist: right- and left-hand drive cars, for example and different types of electrical sockets. In the same way, with blockchain “there’s not going to be one system.”
Different blockchain systems suit different applications, he said, and the one Navozyme uses – called Hyperledger Fabric – is designed to suit enterprise blockchains; others have different target markets. It is the same system used by perhaps the best-known maritime blockchain community, the Maersk/IBM-led TradeLens, he said.
It is possible to establish interoperability between the various Hyperledger systems although linking them to other blockchain systems is not yet possible. But this may not be a problem. “Do we need that level of sophistication for our use-case? We don’t foresee that right now, but it’s good to plan that for the future,” Mr Borwankar said.
I then spoke to Ian Myles. He is a Singapore-based technologist whose company, Area51, “solves problems and builds solutions”. He was due to speak on the second day and I put it to him that, when blockchain emerged as a new technology a decade ago, there would have been an opportunity to establish a universal standard and I expressed surprise that this was not done.
But he echoed Mr Borwankar’s comparison with other technologies and argued that, at their heart, blockchain systems all share the same fundamental concept: a ‘distributed ledger’. “They use different algorithms, different blockchains and different methods to achieve the same principle.”
His advice is that companies could use more than one blockchain system. An industry-leading system might be suitable for most of its operations, but others might be better for specialised functions. “The industry will not allow a single entity to drive this,” he said, and there must be competition to ensure quality of service.
So how big a thing is blockchain? Mr Myles quoted his ‘guru’, Prof Dave Lee, professor of FinTech and blockchain at Singapore’s University of Social Sciences, who has said that blockchain is “a once-in-100-years idea” and that it is “bigger than the internet”.
Some had challenged that remark, Mr Myles said, since blockchain relied on the internet for its creation and he recalled Prof Lee defending his claim by saying that blockchain was “about resetting trust in society” and thus transcended the internet that allowed it to function. It was a remark that echoed what Prof Shrier had said at the start of the day.
This seemed a bit philosophical to me, but Mr Myles underlined the point. “He’s right, because there are a lot of things … we don’t like about our banks, about governments and a lot of [other] things, so we need to get trust reset.”
• Are you using blockchain? Are you suspicious of it? Is it the Big Thing that Prof Lee suggests? Email me with your reactions now.