Last week, our esteemed colleague David Holmes answered the board’s question “Are we doing anything with bitcoin?” by slamming the door on a technological trend that is not only underway but is rapidly expanding. (Heck, bitcoin itself is “old news” now.)
Still, it should be on every CISO’s brain. Even if CISOs don’t need to talk to a board, they should be advising CFOs about cryptocurrency. More and more organizations, both in real life and online, are evolving and adapting to accept cryptocurrency.
Yes, right now bitcoin is five times more volatile than gold,1 but it is relatively new. The concept of Bitcoin was announced in October 2008, and its first open-source release followed in January 2009. The very volatility engendered by bitcoin’s newness has the potential to produce substantial wealth. More importantly, as cryptocurrency spreads and becomes ingrained into how we do business, we can expect its volatility to damp down. One thing to remember is that bitcoin has a built-in transparent mathematical mechanism to limit its inflation, whereas other currencies are left to the mercy of governments2 and the commodities markets.3 Finally, as with any currency, the value of bitcoin is largely dependent on what we humans ascribe to it. Cryptocurrency is now recognized as a major player across the globe, so don’t expect it go away anytime soon. Who knows? In a few years, government-backed currencies could become even more volatile than bitcoin.
Yes, cryptocurrencies are new, and legislatures are grappling to deal with them. Guess what? So is the Internet and our entire way of living, immersed in an online world. However, unlike most new technology, bitcoin is secure by design because of math4—and mathematics is thousands of years old. Because of its transparent design, researchers have been able to examine and track any potential vulnerabilities in bitcoin.5 There aren’t any esoteric control mechanisms being driven by politics like “Bretton Woods”6 or T-bills7 that we find in “mature” financial systems. Also, the cryptocurrency concept isn’t limited to blockchain. Monero (XMR),8 introduced in 2014 and based on the CryptoNote9protocol, possesses significant algorithmic differences relating to blockchain obfuscation. There will be advances and new directions in this market as it really catches on.
True, there is no nation-state that backs bitcoin—and that’s a good thing. We have plenty of government-backed currencies, and some of them aren’t doing too well.10 That’s why crypto-currencies offer a stable alternative not tied to political machinations. Bitcoin is decentralized and considered largely unregulated in the United States, and so can be insulated from these kinds of shocks. Large markets like Coinbase (a digital asset exchange company) are responsible for disclosing coin purchases from users. Additionally, companies like Coinme, a licensed Bitcoin ATM operator, have been working with legislatures and the Securities and Exchange Commission (SEC) to ensure current and future compliance.
Blockchain is open source, so anyone with a better idea can have a go at developing a more stable, more useful cryptocurrency. New features are being added to bitcoin, which is why there are two forks. The community was divided, and ultimately the community decided which direction to go (bitcoin vs. Bitcoin Cash). Read that again. The community decided. Not some politician or bureaucratic wonk. The community. Then the community members chose which one of the two standards to use. That’s a nice alternative to where we are with the nation-state-based currencies that we are stuck with.
First off, you cannot “steal” bitcoins. What you can do is gain control of a wallet (a private key running in software) and counterfeit transactions of that identity. Granted, the bitcoin value is stolen in such cases, but because transactions are recorded in a public blockchain ledger, you can easily see where those fraudulent transactions have gone—which is why criminals have created "tumblers”11 to launder their transactions. You want to talk about volatility? The biggest launderer of bitcoins unexpectedly shut down a couple months ago,12 and now we have companies set up for the sole purpose of tracking bitcoin transactions.13 So, yes, you can steal, but you can't easily hide.
Someday, quantum technology will shatter the cryptography implemented in current blockchain algorithms. This is probably decades off, but once it starts to become a reality, how many bitcoins do you want to bet that cryptocurrencies will evolve their execution methods to adapt to the threat? Did we mention that blockchain is open source? That means anyone can propose a solution to quantum attacks. Oh, wait—someone already did.14
Due to bitcoin’s popularity, there are now more derived "alt-coins" (coins that are meant to be alternatives to bitcoin) than anyone could have imagined. However, thanks to bitcoin’s tremendous success, you can see how everyone wants to be a “whale” and get rich quick off of cryptocurrency. Of these alt-coins, there are a handful that have enough significant differences from bitcoin to be considered viable by their respective communities: Litecoin (LTC), Etherium (ETH), Dash (originally Darkcoin), Zcash (ZEC), Monero (XMR), Doge, Ripple . . . and the list goes on. The reality is, there are more than a handful of coins available for use, and CISOs are going to need to have knowledge (or at least people around them with knowledge) of what is happening in the crypto-coin space so that organizations can properly advise their financial teams.
People are now adopting blockchain itself and the technology behind it, not just the currency. There are untold new markets like contract law,15 health care,16 and real estate17 for blockchain and cryptocurrency to disrupt. It’s going to be an exciting future, and CISOs need to be ready for it.
MODIFIED: Nov 09, 2017