Blockchain-Based Security Configuration Management for ICT Systems

Abstract

The world has become increasingly dependent on large-scale and distributed information and communication technology (ICT) infrastructures and systems in sectors such as energy, transport, banking, healthcare, water supply, and digital services, while their protection is considered of paramount importance and has already drawn remarkable attention from governments and key industry players. Establishing common approaches by leveraging existing frameworks and cyber security practices for improving the security postures of those systems is one of the major objectives for ensuring an adequate level of protection and avoiding the detrimental effects of disruptions on society and citizens. Configuration management (CM) is one of those common practices for establishing and maintaining the integrity and consistency of a system and its elements with regard to the function, performance, and status of technical and physical attributes, and it contributes to a desirable security posture throughout the lifecycle of a system. This study addresses the importance of CM, and while considering the corresponding frameworks, standards, and best practices, it proposes a permissioned blockchain-based approach, that inherits the benefits of the blockchain technology and ensures the integrity of the systems’ configuration across the complete lifecycle management of its products and services as an underlying model for mapping and integrating CM functions. Furthermore, this study briefly presents the benefits and challenges of the application of permissioned blockchain models and proposes a smart-contract-based role-based access control mechanism, in addition to presenting an operating concept based on brief but real-life lifecycle requirements of organizational configuration management.