Blockchain Report – European Union Agency for Network and Information Security (ENISA)


    European Union Agency for Network and Information Security (ENISA) has entered into the Blockchain debate with a new report aimed to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger.

    Udo Helmbrecht, Executive Director of ENISA, said:

    “Cyber security should be considered as a key element in the Blockchain implementation by financial institutions.”

    ENISA analysed the technology and identified security benefits, challenges and good practices. The report identifies that some principles used in the security of traditional systems and in Blockchain, such as key management and encryption, are still largely the same.  There are however new challenges that the technology brings, like consensus hijacking and smart contract management. Additionally, it highlights that public and private ledger implementations will face different sets of challenges.

    Some of the key challenges of Blockchain identified in the document are traditional challenges such as:

    • Key Management
    • Privacy
    • Code Review
    • Technology specific challenges such as:
    • Key Generation
    • Smart Contract Management
    • Scalability

    ENISA has also identified good practices to overcome the issues identified as well as introduce the key concepts that decision-makers should be aware of when approaching this technology. After reviewing the existing challenges attached to distributed ledgers, some good practices are:

    • Using recovery keys
    • Using multiple signatures for authorizing and processing transactions
    • Using library of standardized smart contracts

    In this paper, they also identified that there are challenges that may require further development, such as:

    • Anti-money and anti-fraud tools
    • Interoperability of Blockchain protocols
    • Legal provisions and tools for implementing privacy and the right to be forgotten