Can Smart Contracts Complement Conventional IT Security?

I was just reading this article today on Twitter, "Former Utilities Employee Tampers with Water Supply", and I thought about the core issues in this story:

  1. Former employee
  2. Had functional access to remote login
  3. Knowledge of system
  4. Insufficient monitoring processes

While many businesses now place great emphasis and investment into onboarding processes, my anecdotal evidence is that the exiting process is generally superficial, and to the ‘rubber stamp’ standard.

Notwithstanding any IT Security processes in place, that either did or did not perform to their established KPIs, how could the use of Smart Contracts have possibly prevented or at least ameliorated the potential damage that an unhappy insider could action?

Could a personal Smart Contract (replacing a conventional employment contract) be used for not only identification, qualification and legal obligations but also operational and informational access protocols, security authentications and supervisory over-rides?

With the idea that on termination or resignation, the smart contract then executes, using triggers, a range of actions that rapidly disconnects that person from the business, with full visibility to key business stakeholders.

Is this doable? Does it already exist?

Update: US DOJ Water Tampering Press Release


It sounds like Daml could be beneficial here when systems needing strong control over identity and access are built with Daml. Daml already uses IAMs for access management so to me it sounds more like Daml is an excellent way to leverage them.

But I have only a passing knowledge on this stuff so perhaps the more security-conscious of us (cough @rps cough) could opine further 🙂
