On the 26th July, Oki Mek, Chief Technology Officer for the U.S. Health and Human Services (HHS) Department’s acquisition arm, detailed the agency’s approach to blockchain technology.
As Ledger Insights reported in January, HHS was the first federal agency to be given the green light on developing blockchain projects. The “authority to operate” (ATO) paved the way for last month’s proof of concept for cybersecurity. In collaboration with tech firm Octo, HHS has come up with a system to track and verify government log files.
Every single system in federal government generates these logs which are reported to Homeland Security, explained Mek in an article by Nextgov. The logs account for a huge number of individual files which, particularly in HHS, are challenging to keep track of. Sometimes the files are overwritten to save space, and there’s potential for them to be tampered with.
Oki Mek summarized: “So if you are a system administrator or somebody who has an understanding of the system, you could actually manipulate the logs and cover your tracks. And manipulation of the logs is the issue.”
Here’s where blockchain comes in. It is nearly impossible to change data on a blockchain without being detected, thanks to its use of hashes or ‘digital fingerprints’, and the fact that these hashes are stored on multiple computers. To manipulate a log, you’d have to be able to change the hash on every node on the blockchain. June’s successful proof of concept demonstrated managing the logs with the technology.
“The synonyms that describe blockchain are immutability, transparency, traceability—and those words all describe cybersecurity,” stated Mek.
The CTO is clearly embracing the technology, but how did he win over his federal colleagues? Mek emphasized a step by step approach; presenting ideas then proving they work rather than running headfirst into an implementation. This also means there’ time to consult as many people as possible, crucially those who will end up using the new system.
“If they are building the system with you, they will want to help you market it—they will be championing your effort,” he explained.
For the log management project, Mek and his team consulted security officers, incident response teams, and forensic investigators, among others. By getting them to use the prototype and give instant feedback, the developers were able to improve continually.
Along with this bottom-up support, “Top-down support from leadership is very critical—without strong leadership, we cannot do this—without Jose, we cannot do this,” said Mek. He is referring to HHS’s new CIO, Jose Arrieta, who previously worked in acquisition. Arrieta was confident in the agency’s blockchain ATO back in December.
While Mek admits that government usually trails behind industry in terms of innovation, he thinks that his and Arrieta’s open-minded approach breaks the mold. So what’s their secret?
“If you start, and you say ‘I’m going to do an IT project,’ you are going to fail,” said Mek.
“But if you say ‘I’m going to solve a business issue, technology is just supporting that solution,’ then you’ll be successful and I think educating on emerging tech is the key,” he revealed.
Since the ATO, Mek’s agency invested $7 million in his blockchain initiative and more recently awarded numerous firms, including EY, contracts totalling $49 million. The HHS logs project is similar to data security firm ALTR’s blockchain-based system. Meanwhile, the Department of Defense revealed this month that it has been testing out blockchain cybersecurity solutions. The Department of Energy, too, has funded a project using the technology to secure the grid.