Blockchain and privacy-by-design: a holistic approach to cybersecurity for the financial sector
We are living in the era of digitalization where digital applications across all business sectors are increasing. Unfortunately, cyber-attacks are alarmingly on the rise as well, which sets new challenges for the management of secure internal and external data flows.
SOTER is an H2020-funded project which takes a holistic approach to improving cybersecurity defence in the financial sector.
The SOTER research is focused on developing a biometric-based authentication and identification digital onboarding platform (DOP), coupled with a sector-specific education and awareness training programme that addresses human factor-based aspects of organisational and operational cybersecurity.
The goal is a suite of cybersecurity tools that, combined, enhance organisational information security and increase individual cybersecurity awareness and skill levels of employees.
Trilateral Research have a role in both the technical and the social science research streams, providing expertise and support to the consortium on matters concerning research ethics, data management, ethnographic research methodologies, and cybersecurity pedagogy, as well as contributing considerable expertise to the designated Data Protection Impact Assessment (DPIA), System Risk Assessment (SRA), and Privacy Impact Assessment (PIA+).
The Digital Onboarding Platform
One of the more interesting aspects of the SOTER research is found within the proposed development of the digital onboarding platform.
The SOTER biometric-based identification and authentication platform incorporates distributed ledger technology (DLT), otherwise known as blockchain technology.
Blockchain has received much attention over the last few years and is viewed as a ‘leading-edge’ technology, affording disruption to a number of industry sectors, from finance to supply chain management.
The SOTER Digital Onboarding Platform proposes using blockchain to leverage constructs such as data interoperability, accessibility and immutability within the digital identity and authentication process, using cutting-edge cryptographic schemes and mechanisms to assure information security and verifiability.
Trilateral is involved in the Digital Onboarding Platform development process from two angles. The first is through the SOTER platform’s System Risk Assessment – a necessity for Information Technology infrastructure deployed within critical sectors, as per the NIS Directive.
This task includes a commitment and adherence to Security-by-Design methodology, which seeks to ensure that the architecture, design and deployment of the platform meet crucial security standards.
The second consists of the development of the project’s Privacy Impact Assessment (PIA+) task, which includes a commitment to both Privacy-by-Design and Data Protection by Design and Default methodologies.
The PIA+ informs the technical development about both data protection and privacy risks, while also providing recommendations for their mitigation.
The SOTER Digital Onboarding Platform development also faces a number of compliance considerations concerning regulatory frameworks such as the GDPR, PSD2, and 5AMLD. The project also faces standardisation and interoperability hurdles, especially those related to digital identity management systems and protocols such as eIDAS and SSI, as found within technology initiatives such as the European Blockchain Services Infrastructure (EBSI).
While the SOTER research is still in a nascent state, Trilateral have an important role to play in the development of this leading-edge technology platform, informing discussions regarding data protection, cybersecurity, and digital identity as we move into the 21st century.
Our role is crucial to helping ensure that ethics, privacy, and data protection concerns are considered all along the development path, taking centre stage in this novel H2020 Responsible Research and Innovation (RRI) initiative.
The SOTER Digital Onboarding Platform has the potential to be an incredibly powerful tool in efforts to further protect data subjects, increasing resilience in the financial services sector.