Cryptocurrencies are the digital zeitgeist. They represent a cultural moment where technological innovation meets financial intrigue – and everyone wants a piece. While the societal buzz tends to focus on those becoming wealthy from crypto, behind the scenes there are thousands of crypto victims. Countless hacks, extortion schemes, and market manipulation tactics should have shed the perception that crypto is a harmless game to make money, yet its popularity and adoption has only grown over the years.
Unregulated market forces have made crypto into the Wild West where anything goes and, ostensibly, anyone can become rich. But if it sounds too good to be true, it probably is. Without sensible regulation, regular consumers will continue to be defrauded and have their funds hacked, not only risking personal financial ruin but triggering downstream instability to wider financial markets.
Last month the crypto platform PolyNetwork temporarily lost $600 million of its customers assets to hackers. This was only a hack of moderate severity as far as infamous thefts go. In 2019 alone, hackers stole more than $4 billion by breaching crypto exchanges and digital wallets. In the crypto world, there are no specific rules to ensure protection of customer assets. Unlike banks, crypto exchanges don’t have any specific cyber security requirements, making hacks common and relatively easy for sophisticated cyber criminals utilizing techniques like SIM card swapping, phishing, and URL hijacking.
In addition, crypto exchanges are not required to have systems to prevent fraud and manipulation, nor are there rules to prevent or minimize conflicts of interest. One analysis identified 175 “pump and dump” schemes where crypto traders drastically inflated and then suddenly crashed the prices of 121 cryptocurrencies in 2018, generating millions in losses for unknowing consumers.
Another analysis found widespread use of automated trading programs or “bots” to manipulate prices. The bots used strategies similar to a practice outlawed in stock and future markets called “spoofing” where traders create fake orders only to cancel them – an attempt to trick consumers into buying or selling crypto based on false market signals.
Popular cryptocurrencies like Bitcoin, Ethereum, Litecoin, Ripple, and Dogecoin have suffered from numerous hacks and price manipulation schemes, losing more than $5 billion in consumer funds. Photo by Worldspectrum on Pexels.com
As of September 2021, the total market value of all the crypto assets surpassed $2 trillion. While it’s a small part of the $400+ trillion financial system, it is not an isolated one. There are growing linkages to the wider financial system through banks, brokers, and technology vendors that interface with crypto exchanges – including large players like Fidelity, Goldman Sachs and Wells Fargo.
This will only grow as the consumer demand for crypto shows no sign of abating. If left unaddressed, the cybersecurity and market manipulation vulnerabilities in the cryptocurrency market could cause collateral damage in the global financial system.
Proponents of cryptocurrency will argue that cryptocurrency regulations would slow down the advancement of the technology or could raise barriers for investor access and capital formation. While this may be true initially, addressing the vulnerabilities present in the cryptocurrency market would boost investor confidence and technology investment in the long term.
The fact that crypto exchanges lack basic cybersecurity protections or are victims of market manipulation from practices outlawed in the traditional financial market underscores how badly these entities lack strong operational, governance, and risk practices. These barriers will do more to prevent global adoption of cryptocurrencies than attempts to develop guardrails around them.
Ultimately, interest in cryptocurrency will only grow. And with it, theft and defrauding will also grow. The federal government has an imperative to create regulatory oversight of crypto-assets and the intermediaries that operate in that space given the risk to consumers and the larger financial market. If the U.S. continues to just let the invisible hand guide the crypto market, soon the trillions that consumers, banks, and trading firms have held in this market will also become invisible.
Nearly a fifth of all federal spending ($800 billion) is disbursed through grants, yet recipients are subject to a multitude of systems, inconsistent data across various platforms, delayed payments, and onerous reporting requirements.
Innovations in distributed ledger technology and tokenization provide a new way forward in changing the financial relationship between the federal government and citizens.
In 2019, the Bureau of the Fiscal Service (Fiscal Service) and the National Science Foundation (NSF) began to develop a “smart grants” application in response to requests by grants administrators at various research universities to simplify the process for receiving and reporting on federal grants. As a POC, the project used the blockchain tokenization feature to represent the attributes of a federal grant award. Because a token’s history can be traced, it increases transparency along the path of federal funds to make reporting easier. Currently, when prime grant recipients transfer funds to sub-recipients, awarding agencies are unable to see the sub-grants.
Chetan Hebbale is currently a graduate student at the Johns Hopkins School of Advanced International Studies (SAIS) in Washington, D.C. focused on international economics, climate change, and sustainability.
Prior to this, he spent over 4 years at Deloitte Consulting working on technology and strategy projects at the CDC and U.S. Treasury Department.
He is a native of Atlanta, GA and attended the University of Georgia.
Chetan Hebbale is currently a graduate student at the Johns Hopkins School of Advanced International Studies (SAIS) in Washington, D.C. focused on international economics, climate change, and sustainability.
Prior to this, he spent over 4 years at Deloitte Consulting working on technology and strategy projects at the CDC and U.S. Treasury Department.
He is a native of Atlanta, GA and attended the University of Georgia.
As federal organizations increase their exploration into the uses and applications of emerging technologies, opportunities for synergy between these technologies increase in tandem. Specifically, the combined effect between blockchain and robotic process automation (RPA) can be readily explored as adoption increases throughout the public sector.
Briefly defined, blockchain is a digitized, distributed ledger that can be public or permissioned, composed of “blocks” of records and linked together using cryptographic hashes. New blocks are appended to previous blocks based on consensus amongst peers, thus forming a chain that serves as a digital ledger of trusted transactions maintained among and across participants.
In place of multiple independent and isolated ledgers, there is a single shared record of events distributed across all blockchain ledger participants. While blockchain is used to store information, RPA is used to aggregate, clean, and transform it. RPA is a form of business process automation that utilizes software robots, or “bots”, to perform tasks through interactions in an application’s graphical user interface (GUI). Bots replicate human actions through performance of rules-based and manual tasks.
A 2018 Gartner CIO survey shows that 13% of U.S. federal organizations are in short-term planning and/or actively experimenting with blockchain. While the same report indicates that 6% of U.S. federal CIO respondents have already invested and deployed smart robot (i.e. robotics) technologies.
Additionally, a 2018 CIO Agenda: Government Insights report indicates that 7% of Government respondents rank process automation as a top business and mission objective. Given these statistics, technological collaboration amongst emerging technologies should be explored as possibilities for impactful solutions. Specifically, the impact of RPA across highly complex peer-to-peer business processes could be facilitated by blockchain providing a network effect of impact
Blockchain Today
Blockchain, also known as distributed ledger technology, is becoming more widely accepted as an innovative way of storing and transferring data across a distributed network. Photo by Pixabay on Pexels.com
Blockchain’s potential virtues have been touted widely for a number of years. The peer-to-peer, distributed nature of blockchain allows for near real-time settlement of recorded transactions without the need for trusted third-party verification.
Federal agencies have begun to explore how blockchain implementations can enhance rapid information sharing, facilitate real-time asset tracking, or enable federated digital identities. Since blockchain ledgers contain cryptographically secured, verifiable records of each transaction in a chain—which have all been validated by a network-wide confirmation process—the technology helps to prevent double spending, fraud, abuse, and transaction manipulation.
Additionally, blockchain can be used to facilitate transactions through smart contracts. Smart contracts are pieces of code that can execute predefined tasks when specific conditions are met. Smart contracts further increase the capabilities of blockchain applications because they can digitally mediate, corroborate, enforce the negotiation of, or monitor the performance of a contract.
This can significantly augment data infrastructure, as demonstrated by organizations such as the Depository Trust and Clearing Corporation using smart contracts in the clearing and settlement of $1.5 quadrillion worth of securities in 2015. These strengths have reinforced blockchain as an opportunity for growth in both the public and private industries — forecasted to be a $20 billion global market by 2024.
While blockchain adoption is becoming more widely accepted as an innovative way of storing and transferring data across a distributed network, blockchain systems still depend on a user interface or an external system interface to capture this data.
If the blockchain interfaces directly with raw user inputs, then the blockchain will capture those raw user inputs. When blockchain is combined with an intelligent data ingestion process that can sift through a large set of noisy data, users on the network can benefit from this shared, digitally verified repository of data.
Robotic Process Automation (RPA) Today
Robotic process automation, known as RPA, is a technology that automates rules-based, manual processes. It has gained momentum in recent years as a promising solution to both improve speed and accuracy of various workplace challenges.
Federal organizations are continuously challenged by unfunded mandates, a shrinking workforce, pressure to deliver improved cycle times, and legacy systems housing valuable data that can be difficult and expensive to access or extract.
Implementation of RPA not only produces tangible results, such as improved processing times by up to 80%, improved accuracy by up to 99.9%, and increased throughput by 3-5x, but also leads to positive intangibles such as increased employee morale due to shift from low-value to high-value work activities and happier customers due to improved response times and accuracy of responses.
Blockchain and RPA as a Packaged Solution
While each technology has its own merits in addressing business challenges, utilizing the two technologies in conjunction with each other allows for innovative solutions that leverage the strength of both technologies, beyond the benefits of isolated implementations.
As government organizations graduate from experimental proofs of concept and look to build production-ready solutions, a common challenge they face involves the integration of a blockchain proof-of-concept prototype with existing RPA systems, processes, and interfaces. This point of integration can serve as an opportunity to demonstrate what happens when you combine the value of blockchain and RPA.
Case Study: Medical Record Consent Management
Medical information is one of the most intimate forms of data that exists. It can describe a person’s identity at a level that reflects one’s genetic history, lifestyle, and even their future. As a result, medical information has now also become a sought-after commodity. An electronic health record (EHR) is now more valuable to a hacker than a credit card number, as these records typically contain names, birth dates, billing information, and medical history.
Despite the importance of securing and managing control of medical data, this information can be scattered across medical centers, physician offices, health plans, and other entities. Often these health care organizations store this sensitive data in different digital formats and EHR systems, which makes the task of securing and sharing this information very difficult for patients.
The Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) for Health Information Technology is at the forefront of tackling this challenge in their efforts to promote of nationwide health information exchange to improve health care.
An integrated RPA-Blockchain solution could be particularly valuable for ONC when it comes to patients providing consent for medical providers to share health records across organizations.
When going to a new doctor today, the process of requesting medical and consent records from your previous provider is time intensive and disparate across different providers. With time being of the essence, a lengthy consent verification process could delay a life-saving diagnosis or procedure. Photo by MART PRODUCTION on Pexels.com
Current State – A Slow and Fragmented Process to Share Patient Data
Today when a patient visits a new doctor the physician may not have access to any of the patient’s historical medical records. In order to access them, the doctor must make a request to the patient’s other health care providers asking them to share the individual’s data. To complete this exchange, the patient must sign a medical release form to establish their consent for their previous providers to share their health records with their new provider. Once a patient’s consent is verified, the record is transferred and the receiving provider intakes and parses the data.
The process of requesting records, verifying consent, consolidating information, and transferring data is time intensive and disparate across different providers and provider organizations. With time being of the essence in certain care scenarios, a lengthy consent verification process could delay a life-saving diagnosis or procedure.
In addition, the current health record sharing process does not allow for the customization of sharing permissions or efficient audit trails of those permissions. For example, a patient is typically not able to set specific opt in and opt out preferences when giving access to specific medical information, e.g., mental health, substance abuse, and sexual and reproductive health records.
Health organizations not only need ubiquitous access to all consent permissions when it comes to the sharing of protected information under HIPAA, but they must also be prepared to immediately respond to patient changes to these preferences.
Appropriate and timely sharing of vital patient information better informs decision-making at the point of care and allows clinicians to:
Decrease duplicate testing
Avoid medication errors
Avoid readmissions
Improve decision making
Traditional solutions and technologies have not been able to completely solve these issues, leaving patients in a position where they face challenges in taking advantage of their own medical information to improve their health care. A game changer is needed.
Future State – Leveraging RPA and Blockchain to Improve Interoperability, Speed, and Security When Sharing Patient Data
Imagine a world where all members of the health care ecosystem across health plans, providers, pharmaceutical firms, and patients could be connected on a single health care information network. All players know the rules of operation and can freely exchange information digitally between one or more parties without fear of data leakage or compromise.
A packaged RPA-blockchain solution could make this vision come true by enabling an efficient, trusted mechanism for verifying patient consent, increasing interoperability between health information systems, and providing auditable record sharing. How?
On the most basic level, RPA can be used to bridge integration gaps between legacy software. Bots can push and pull patient data from existing systems owned or stored by providers, provider organizations, electronic health record aggregators, government entities, or insurance companies and then convert the data into a consumable format.
Blockchain accelerates the integration speed and value of RPA by providing “smart contracts” that enshrine the permissions and automate the processes surrounding what type of health data is allowed to be shared, with whom, and under what circumstances. Furthermore, the blockchain logs a digital record of exactly when an action happens so it can be audited for compliance and be verified by any party participating in the blockchain network.
In a dual deployment of blockchain and RPA, blockchain serves as the solution’s backbone, supplying the rules-based information sharing platform, while utilizing RPA optimizes the solution’s output. The benefit of RPA bots is that they can operate exponentially faster than humans with near perfect accuracy across IT infrastructure and can effectively bridge multiple disparate systems to the blockchain.
Blockchain and RPA would be combined as a packaged solution for integration into an organization’s current IT infrastructure.
Essentially, RPA enhances the blockchain’s data ingestion and extraction processes across the many dispersed and detached legacy systems that dot the health record infrastructure landscape. This concept is summarized in Figure 1 above where an RPA-driven blockchain solution can seamlessly integrate pre-existing data collection points across an enterprise or network to consolidate permissions and act as the single source of truth for patient consent.
By utilizing RPA, organizations can maintain their current systems without overhauling their IT infrastructure to achieve integration with blockchain. Thus, the RPA solution transforms data into usable formats, eliminating the need to replace legacy systems. This packaged solution allows organizations to reduce investment costs, implementation time, and the impact of technological transformation, keeping the transition near invisible to the consumers of affected IT systems while allowing organizations to reap all benefits of blockchain.
In contrast to the existing method of having administrative staff conduct database queries, track down paperwork, or contact other health care providers via phone, fax, or courier, a consent management system that leverages RPA and blockchain-based smart contracts could verify patient consent preferences near instantaneously.
The table below summarizes the current state of patient consent management, and a future state where RPA and blockchain technologies can come together and work in tandem to realize efficiencies and automate the consent management process.
Current State
Future State
Patient signs medical release paperwork at each individual health care provider or provider organization
A patient visits one provider or provider organization that uses an electronic health record data sharing platform with all other providers and provider organizations in the health care ecosystem. The patient can manage their consent preferences for each provider or provider organization on one platform, including managing what information they consent to share at a more granular level (e.g. mental, substance abuse, and sexual and reproductive health records) or macro community level (e.g. full hospital group or full care network)
Health care organizations communicate via e-mail, phone, fax, or courier to request and transmit health records
When one health care provider or provider group needs data from another, RPA bots will query the platform’s database for the patient’s consent preferences, then the blockchain smart contract initiates an automatic execution of record sharing based on the validated permission settings
Receiving health care provider or provider organization compiles and parses records in various digital formats and data structures, sometimes manually
RPA efficiently consolidates and parses all the available data into one consolidated, uniformly structured and formatted record
All health care organizations maintain an individual, sometimes paper-based, often manually managed, record of when health record data was shared and whom between
The blockchain maintains an incorruptible electronic record of all health care data exchanges that occur between network participants and is auditable by everyone in the ecosystem
Deep Dive: RPA as a Mediation Layer
As organizations look to implement blockchain, they must also examine methods and strategies for tying in the technology with their existing infrastructure. Two places in which integration occurs is the process for which users attempt to “write” data onto the blockchain and the process for which users attempt to “read” data from the blockchain.
While organizations could elect to directly access and write data from and to existing IT systems through an Application Programming Interface (API), raw data may not always live in a usable format. This restriction is especially true for the case of smart contracts. Smart contracts are built with specific data standards that must be contextualized and formatted properly to be written to the chain.
Selecting RPA as the bridge between blockchain and existing IT systems addresses both the issue of cost and user familiarity. From a data ingestion perspective, the end-user would input data with their existing standard operating procedures using an already accustomed system and UI. This removes any cost and time associated with a new user interface and allows for a simpler implementation of blockchain into the day to day processes.
The bot would then locate the input data through the existing system’s data endpoint, whether that be a database, flat files, or other storage formats. Once located, the bot will filter for relevant information and transform the data to a blockchain consumable format to be passed through the configured API and added to the blockchain, as depicted in the figure below.
Process for data ingestion and extraction with the use of RPA as a mediation layer
From a data extraction perspective, a bot would scan the blockchain and locate relevant data on the blockchain to be pulled. The bot would then transform the data, cross-referencing any ancillary database, into a format digestible by the consuming IT system. An end-user would be able to access the data within their familiarized systems without any modifications to their standard operating procedures.
In the case of patient consent, HIPAA compliance authorities, such as HHS could participate in health information exchange networks to verify whether parties in the network comply with HIPAA requirements. These scenarios increase the transparency and accessibility of information between parties and across systems.
Conclusion
Implementing RPA and blockchain as a packaged solution allows organizations to reap the benefits of blockchain while reducing costs, implementation time, and need for users to adapt to new systems and processes. In a future state, RPA and blockchain could reduce communication channels, the need for third-party exchange networks, and automate portions of the electronic health record management process.
As other emerging technologies mature, possibilities of collaborative solutions, such as the relationship between RPA and blockchain, should be considered. These packaged solutions may offer unique approaches to challenging problems, expanding the realm of what is possible through digital evolution.
Chetan Hebbale is currently a graduate student at the Johns Hopkins School of Advanced International Studies (SAIS) in Washington, D.C. focused on international economics, climate change, and sustainability.
Prior to this, he spent over 4 years at Deloitte Consulting working on technology and strategy projects at the CDC and U.S. Treasury Department.
He is a native of Atlanta, GA and attended the University of Georgia.
Botulinum toxin is a neurotoxin produced by the bacteria Clostridium botulinum. The bacteria is an anaerobic (doesn’t require oxygen to grow), gram-positive (contains peptidoglycan in its cell wall), spore-forming rod found on plants, in soil, water and the intestinal tracts of animals. C. botulinum has eight antigencically distinguishable exotoxins (A, B, C1, C2, D, E, F, G) some of which have commercial and cosmetic application but others of which are considered to be the most dangerous poison on Earth. Botulinum toxin-A is popularly known as Botox and is used to reduce facial wrinkles and aging effects, but its closest neighbor Botulinum toxin-B can be harnessed to create pathogenic disease outbreaks across populations.
All serotypes of botulinum are single polypeptide chains with a molecular mass of about 150 kDa and a high degree of amino acid sequence homology. The polypeptide chain contains and heavy (H) and light (L) chain which play a crucial role in its pathogenesis[1]. Botulinum’s toxicity is orchestrated through its interference in neural transmission by blocking the release of acetylcholine at four different sites in the body: the neuromuscular junction, autonomic ganglia, postganglionic parasympathetic nerve endings and postganglionic sympathetic nerve endings[2]. Acetylcholine is the principle neurotransmitter in neuromuscular junctions which makes its inhibition result primarily in muscle paralysis .The heavy (H) chain binds irreversibly to the high affinity receptors on neurons allowing the toxin-receptor complex to enter the cell via endocytosis which then allows the light (L) chain to interact with various surface proteins to prevent fusion of acetylcholine vesicles with the cell membrane[3].. The initial symptoms begin with acute weakness of muscles causing difficulty in speaking, swallowing and blurred vision. This followed by flaccid paralysis beginning at the muscles in the head and throat and can eventually cause death from respiratory muscle paralysis[4].
Because of the speed and potency with which Botulinum strikes the body, it is considered one of the most toxic poisons known to humans. It’s estimated that even a single gram of pure crystalline toxin evenly dispersed and inhaled could kill as many as one million people[5]. The estimated lethal dose for a 200 pound person is around 0.9 – 1.2 micrograms by inhalation and approximately 90 micrograms by oral ingestion with symptoms appearing as quickly as 2 hours to as late as 8 days. In its solid form it is a white crystalline solid and in its liquid form it is colorless and odorless. Because the toxin is a protein, it is sensitive to heat and denatured at temperatures above 80 C (176 F) after 10 minutes[6].
Because of its extremely high toxicity (100 times more toxic than sodium cyanide), Botulinum toxin has been at the top of bioweapon candidate agents. C. botulinum is easy to grow in large quantities and able to be stored at incubation without much technical sophistication. Weaponizing botulinum would be a complex, multi-stage process where in the final stage the toxin would have to bind to a finely powdered material like bentonite or silica gel[7]. This binding allows the bacteria to form a stable aerosol vehicle for dissemination.
Terrorists have already attempted to use botulinum as a bioweapon. On at least 3 occasions between 1990 and 1995, the Japanese cult Aum Shinrikyo used aerosols to disperse the bacterial agent in Tokyo and on US military installations, but these attempts failed due to deficient aerosol-generating equipment and no one was killed[8]. The group acquired their C. botulinum from soil that they had collected in northern Japan. While non-state actors like Aum Shinrikyo have been unsuccessful, state actors have long been developing botulinum toxin as a bioweapon. In the 1930s, Japan’s government developed Unit 731, a bioweapons research complex, to test the effect botuliun had on Chinese, Korea and American prisoners it captured in the 1930s. The United States produced botulinum toxin during World War II out of fear that Germany had done so already (which they had). In fact before the D-Day invasion, over a million doses of botulinum toxoid vaccine were administered to Allied troops[9]. Even though Iraq and the Soviet Union were signatories to the 1972 Biological and Toxic Weapons Convention, both produced it for use as a weapon. Former senior scientists of the Russian civilian bioweapons program admit that botulinum toxin was tested at the Soviet site Aralsk-7 on Vozrozhdeniye Island in the Aral Sea[10]. After the demise of the Soviet Union, thousands of scientists employed by its bioweapons program have been recruited by nations attempting to develop biological weapons, specifically botulinum toxin, including Iran, North Korea and Syria[11]. After the Gulf War in 1991, Iraq admitted to having produced 19,000 liters of concentrated botulinum toxin with about 10,000 liters loaded into military weapons. The 19,000 liters to this day are not entirely accounted for and constitute more than three times the amount needed to kill the entire human population by inhalation. Amongst the range of biological weapons that Saddam’s Iraq had developed it chose to weaponize more botulinum toxin than any other agent. [12]
Analysts now downplay the potential for botulinum to be used as a bioweapon because of constraints in concentrating and stabilizing the toxin for aerosol dissemination[13]. The flaw in these analyses, however, is that they pertain only to military use in immobilizing an opponent rather than release of the agent in a civilian population. It’s estimated that a point-source release could incapacitate or kill 10% of persons downwind from the initial release which could wreak havoc in a populated civilian setting such as a subway transit or sports arena[14]. More dangerous than aerosol dispersion though would be the use of the toxin through the contamination of food which could result in widespread epidemics. Terrorists generally consider these “soft” targets, since they are almost impossible to guard at all times. Contamination of the food supply could come through spraying the agent on fruits and vegetables or through processed foods like dairy products or through hamburger and canned meats.
In order to recognize a biological attack from botulinum, there would have had to have been an outbreak with a significant number of incidents of flaccid paralysis all stemming from one geographic location. Once recognized, treating those affected and containing the spread can be very difficult. For some symptoms of botulinum infection do not appear for 8 days meaning they could inadvertently spread the toxin amongst family, co-workers etc before showing any signs[15]. Once an individual begins to show signs treatment would include breathing assistance and possible intubation, botulinum anti-toxins and a toxoid vaccine[16] which may or not be successful depending on the severity of the infection on the body.
Given that much of Iraq’s arsenal of weaponized botulinum toxin has been unaccounted for and thousands of bioweapons trained scientists from the Soviet Union have spread out across the globe, it is not hard to imagine that terrorist networks and perhaps even state actors have acquired strains of weaponized botulinum. While the current struggle may still be with efficient aerosol dispersal deign, there are more vulnerable targets today than there have been in the past. Terrorists could easily target today’s vast supply chain of globalized food export where areas of the marketplace are unregulated and where a number of middlemen control the shipping process. With these risks, the United States ought to have emergency response and hospitals equipped with all the proper medications to be able to swiftly and efficiently deal with an outbreak of botulinum toxin.
Chetan Hebbale 