Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
09:00 AM
Raymond Pompon
Raymond Pompon
Partner Perspectives
Connect Directly

5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency

With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.

Justin Shattuck also contributed to this article. 

In a recent post, our colleague David Holmes answered the hypothetical board question “Are we doing anything with Bitcoin?” by slamming the door on a technological trend that is not only underway but is rapidly expanding. (Heck, Bitcoin itself is “old news” now.)

Still, the question about cryptocurrencies should be on every CISO’s brain. Even if CISOs don’t need to talk to a board or board members, they should be advising CFOs about cryptocurrency. More and more organizations, both in real life and online, are evolving and adapting to accept cryptocurrencies like Bitcoin. Here are answers to five of the most common concerns.

1. Volatility — as Compared to What?
Yes, right now Bitcoin is five times more volatile than gold, but it is relatively new. The concept of Bitcoin was announced in October 2008, and its first open-source release followed in January 2009. The very volatility engendered by Bitcoin’s newness has the potential to produce substantial wealth. More importantly, as cryptocurrency spreads and becomes ingrained into how we do business, we can expect its volatility to damp down. One thing to remember ics that Bitcoin has a built-in transparent mathematical mechanism to limit its inflation, whereas other currencies are left to the mercy of governments and the commodities markets. Finally, as with any currency, the value of Bitcoin is largely dependent on what we humans ascribe to it. Cryptocurrency is now recognized as a major player across the globe, so don’t expect it go away anytime soon. Who knows? In a few years, government-backed currencies could become even more volatile than Bitcoin.

2. Maturity
Yes, cryptocurrencies are new, and legislatures are grappling to deal with them. Guess what? So is the Internet and our entire way of living, immersed in an online world. However, unlike most new technology, Bitcoin is secure by design because of math—and mathematics is thousands of years old. Because of its transparent design, researchers have been able to examine and track any potential vulnerabilities in bitcoin. There aren’t any esoteric control mechanisms being driven by politics like “Bretton Woods” or T-bills that we find in “mature” financial systems. Also, the cryptocurrency concept isn’t limited to blockchain. Monero (XMR), introduced in 2014 and based on the CryptoNote protocol, possesses significant algorithmic differences relating to blockchain obfuscation. There will be advances and new directions in this market as it really catches on.

3. The Nation-State
True, there is no nation-state that backs Bitcoin—and that’s a good thing. We have plenty of government-backed currencies, and some of them aren’t doing too well. That’s why crypto-currencies offer a stable alternative not tied to political machinations. Bitcoin is decentralized and considered largely unregulated in the United States, and so can be insulated from these kinds of shocks. Large markets like Coinbase (a digital asset exchange company) are responsible for disclosing coin purchases from users. Additionally, companies like Coinme, a licensed Bitcoin ATM operator, have been working with legislatures and the Securities and Exchange Commission (SEC) to ensure current and future compliance.

Blockchain is open source, so anyone with a better idea can have a go at developing a more stable, more useful cryptocurrency. New features are being added to Bitcoin, which is why there are two forks. The community was divided, and ultimately the community decided which direction to go (Bitcoin vs. Bitcoin Cash). Read that again. The community decided. Not some politician or bureaucratic wonk. The community. Then the community members chose which one of the two standards to use. That’s a nice alternative to where we are with the nation-state-based currencies that we are stuck with.

4. All Those Flipping Thefts
First off, you cannot “steal” bitcoins. What you can do is gain control of a wallet (a private key running in software) and counterfeit transactions of that identity. Granted, the Bitcoin value is stolen in such cases, but because transactions are recorded in a public blockchain ledger, you can easily see where those fraudulent transactions have gone—which is why criminals have created "tumblers” to launder their transactions. You want to talk about volatility? The biggest launderer of Bitcoins unexpectedly shut down of couple months ago, and now we have companies set up for the sole purpose of tracking Bitcoin transactions. So, yes, you can steal, but you can't easily hide.

5. Quantum Expiration
Someday, quantum technology will shatter the cryptography implemented in current blockchain algorithms. This is probably decades off, but once it starts to become a reality, how many Bitcoins do you want to bet that cryptocurrencies will evolve their execution methods to adapt to the threat? Did we mention that blockchain is open source? That means anyone can propose a solution to quantum attacks. Oh, wait—someone already did.

Cryptocurrency is more than Bitcoin
Due to Bitcoin’s popularity, there are now more derived "alt-coins" (Coins that are meant to be alternatives to Bitcoin.) than anyone could have imagined. However, thanks to Bitcoin’s tremendous success, you can see how everyone wants to be a “whale” and get rich quick off of cryptocurrency. Of these alt-coins, there are a handful that have enough significant differences from Bitcoin to be considered viable by their respective communities: Litecoin (LTC), Etherium (ETH), Dash (originally Darkcoin), Zcash (ZEC), Monero (XMR), Doge, Ripple ... and the list goes on. The reality is, there are more than a handful of coins available for use, and CISOs are going to need to have knowledge (or at least people around them with knowledge) of what is happening in the crypto-coin space so that organizations can properly advise their financial teams.

Blockchain is More than Cryptocurrency
People are now adopting blockchain itself and the technology behind it, not just the currency. There are untold new markets like contract law, health care, and real estate for blockchain and cryptocurrency to disrupt. It’s going to be an exciting future, and CISOs need to be ready for it.

Get the latest application threat intelligence from F5 Labs.

Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Guru
4/30/2019 | 9:15:57 AM
Cryptocurrency makes me nervous
And is doesn't give me cash back like my credit card.
User Rank: Guru
4/30/2019 | 9:13:53 AM
Re: An open mind is always best
You're so smart!
User Rank: Guru
4/30/2019 | 8:10:37 AM
An open mind is always best
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-08-05
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
PUBLISHED: 2021-08-05
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2021-08-05
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
PUBLISHED: 2021-08-05
A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
PUBLISHED: 2021-08-05
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.