Smart contracts and blockchain technologies have reshaped how digital systems are trusted—but not necessarily how they are secured, writes Sudha E. Iyer, Head Security Architect with Citi and NSAI technical committee member.
The Rare Opportunity
Smart contracts and blockchain technologies have reshaped how digital systems are trusted—but not necessarily how they are secured. While these innovations promised decentralization and transparency, the reality has been a fragmented landscape of hype-driven deployments and inconsistent security practices.
Beneath the surface lies a deep technical space—spanning industries and sectors—riddled with flashy promises, yet lacking the one thing that matters most: structure. Though there were exceptions, the vast majority of compromise cases traced back to poor security posture and hygiene.
In early 2023, I was entrusted with leading one of the most persistent challenges in blockchain standardization: smart contract security—primarily by Fiona Delaney (Chair, NSAI/TC 2/SC 16 "Blockchain and electronic distributed ledger technologies") and Julien Bringer (Convenor, ISO/TC 307/JWG4). But this wasn’t entirely unfamiliar terrain. I had been contributing to ISO/TC 307’s Working Group 6 (WG6) and Joint Working Group 4 (JWG4) since 2018, shaping global discussions on blockchain use cases and cybersecurity. These experiences laid the groundwork for ISO PWI 24875—intended to enable a structured international standard for smart contract security.
Identifying Core Challenges
When I stepped into the project lead role, I began by asking: Where exactly are the critical risks? The answers weren’t buried in advanced exploits but hiding in plain sight. Most vulnerabilities stemmed from issues that had become normalized: misconfigurations, unvalidated development libraries (such as packages pulled in by npm install), and overly coupled systems like OpenDAO.
Meanwhile, the industry clung to a myth: that blockchains and smart contracts were secure “by design.” But in truth, blockchains are provenance systems—not protection mechanisms. Security still relies on strong key management, clear access controls, need-to-know principles, and data segmentation—none of which are automatic in most blockchain environments.
From Conversation to Clarity
That year, I met Gabi Urrutia at a conference in Barcelona. A brief hallway conversation led to a deeper dialogue around architectural blind spots in smart contract systems. Gabi later reviewed a white paper I authored titled “Comprehensive Smart Contract Security using a Zero-Trust Architecture Approach based Architecture Development Method.” The paper served as a foundational research piece—advocating for boundary-aware diagnostics and a Zero Trust lens to secure contract logic from the design stage onward.
Collaboration Is Always the Key
Throughout 2023, the proposal for ISO PWI 24875 matured through global feedback. Experts from Korea, Spain, France, Ireland, the U.S., Russia, Germany, and Italy contributed insights. It became clear that a shared, structured standard was essential—not just for developers or auditors, but across roles and layers. The standard was designed to empower developers, engineers, and architects alike to address risks intentionally, and not just reactively.
Structured Outcome, Informed by Experience
The standard’s shape was guided by practical experience. Contributions came from research, formal documents, and collaborative review. This wasn’t about ticking checkboxes. It was about solving enduring problems through positive leadership—enabling industry-wide adoption of dependable techniques and security fundamentals.
From Spectacle to Structure
The approval of ISO PWI 24875 didn’t just end a ballot—it marked a shift away from marketing spectacle and into meaningful structure. It addressed systemic challenges—from short-lived flash-trading schemes to crypto-services that compromised investor trust—and offered a way forward grounded in clarity and accountability.
While the PWI doesn’t solve every problem, it defines the right ones. I encourage every thought leader and standards writer to leverage the flexibility of the PWI process: use it to conduct research, collaborate with global experts, and—guided by the wisdom of JWG4 convenors—build forward-looking standards that truly serve.
Because in the end, spectacle doesn’t scale. Structure does.
__________________________________________________________________________________
Background to Standards Technical Committee
Sudha is a member of NSAI/TC 02/SC 16, which is the Irish National Mirror Committee (NMC) following standardization in blockchain and distributed ledger technologies.
NSAI Technical Committee 02 is the parent standards committee for Information Technology. Subcommittee 16 is the standards committee following standardization for blockchain and distributed ledger technologies. Currently, this committee is reviewing multiple standards for blockchain and distributed ledger technologies, including those related to smart contracts, governance, interoperability, and tokenization of assets in the area.
Get involved in a standards committee!
If you’d like to contribute to the development of standards for your industry, please visit https://www.nsai.ie/standards/standards-committees/