Telos and Best Practices in Information Security and Privacy

Telos is a blockchain network, which we call TBN (Telos Blockchain Network). It uses the EOSIO source code base. Telos applies industry best practices and fundamentally sound principles in Information Security and Privacy to protect the Telos Blockchain Network, Block Production operations, and its stakeholders.

Note as well that Telos and EOS Mainnet both use the same source code base, EOSIO. Both therefore belong to the same family and are part of the EOSIO ecosystem. Both blockchains have similar issues and problems. However, Telos has made many improvements over EOS Mainnet; improvements within Security and GRC are just one area. The topic of privacy will be covered in more detail in another article, although privacy and security overlap to some extent.

The Telos Working Groups for Security and GRC (Governance, Risk, and Compliance) have considered industry best practices based on sound risk management principles. This means that the selection and application of information security controls and measures follow a risk-based approach: the cost of implementing and deploying security controls and measures should not exceed the risk exposure. The Telos working groups have therefore focused on protection measures that should make it impractical for bad actors to harm (or cause damage to) the Telos Blockchain Network, Block Production operations, and its stakeholders.

Does 100% Security Exist?

The Bitcoin blockchain is considered the most secure because of the huge computing resources protecting its blocks. But is it 100% secure? The answer is a BIG NO. Theoretically, it is possible to execute a 51% attack on the Bitcoin blockchain. But it is (most probably) not practical for bad actors to justify and execute such an attack, because of the tremendous resources (both time and money) required. Moreover, there is no guarantee that the Bitcoin source code is 100% secure; it could behave unexpectedly (though this is extremely unlikely). Nor is it guaranteed that all Bitcoin nodes and applications are configured properly in all environments to ensure protection in all unknown scenarios.

The point is that nothing in this universe is 100% secure, nor do pure random numbers exist. The whole point of security controls and measures is to make it impractical for bad actors to succeed in compromising the target infrastructure, systems and services.

EOS Jungle Testnet Suffered Critical Attack

The EOS Jungle Testnet recently suffered an attack. It was shut down for at least a day until the network resolved the problem. In this case the attack occurred on the testnet, not on the mainnet, which made the event less damaging. However, there is an indirect effect of brand damage to the mainnet, even though EOS users were not affected. This provides us with a huge lesson. It is theoretically possible to attack the EOS mainnet in the same way, although doing so would cost billions of dollars.

A Piece of Advice regarding Security

If anyone (any EOS Mainnet supporter or any Telos supporter) claims that his or her Blockchain Network, Infrastructure, Systems and Services are 100% secure... then I am sorry to say that “he/she is either lying or he/she knows nothing about information security”. As said, there is nothing in this universe that is 100% fail-proof.

Where TBN (Telos Blockchain Network) Stands Regarding Security

Telos has considered industry best practices based on sound risk management principles. The Telos working groups have made their best efforts to ensure that TBN (Telos Blockchain Network) has deployed enough administrative and technical controls to safeguard against known and unknown attacks. The Telos working groups have also documented a well-defined Governance Framework and produced mandatory minimum requirements applicable to the stakeholders of the TBN.

Some of the Best Practices Considered

These are some of the best practices that have been considered by the members of TLG (Telos Launch Group) in different working groups.

Please also remember that the environment will change (the environment around us is not static), technology will change, and understanding and knowledge will change; hence the risks will change, and so will the needed security controls and measures. We are living in a dynamic and agile world.

The frameworks, legislation and standards considered above will also change with time. Hence, within the Governance Framework, Telos has considered continuous improvement processes. Continuous, ongoing improvement is considered one of the most fundamental pillars of best practice for keeping “security controls and measures” in balance with the ever-changing cyber threat landscape.

