HHS wraps up blockchain CDM test
- By Susan Miller
- Jun 20, 2019
The Department of Health and Human Services recently completed a blockchain proof of concept using the distributed-ledger technology to secure and verify log files required under the Department of Homeland Security’s Continuous Diagnostics and Mitigation program.
CDM requires federal agencies to review all their audit/log files to check for suspicious activity, and if those files have been tampered with, the integrity of the audit is compromised. HHS worked with Octo, a federal IT services provider, to preserve the log files in a blockchain of encrypted “log transactions” that showed when files were created, changed or deleted.
“The blockchain will capture only simple audit log records in the digital ledger,” as Oki Mek, chief product officer in the HHS Division of Acquisition, described the project in March. “The rest of the log information will be stored off-chain in an encrypted database. If you have one story of the truth on what is on your network, who is on your network, what is happening on your network and how is your data being protect[ed], that solves a lot of your security risks.”
The test proved that blockchain supports the objectives of the CDM program and improves HHS’ overall security, Octo officials said.
“With blockchain, every participant in the blockchain network can verify that their version of the truth matches everyone else’s,” Octo Senior Director for Innovation and Technology Cesar Tavares said. “This central capability is why blockchain is such a powerful innovation and demonstrates how it can help improve HHS’ security posture.”
HHS has run one of the early, successful blockchain pilots in government. The Accelerate initiative uses blockchain, robotic process automation and microservices to streamline the contracting process for agency users and vendors and helps ensure the decentralized agency can leverage its purchasing power. It received authority to operate in December 2018, which made the log file proof of concept possible.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.