Building the Future We Deserve – A Cyber Success Story

Building the Future We Deserve – A Cyber Success Story

Consider a conventional computer. It uses a small (64-bit) processor architecture and is considered excellent for solving linear problems. Many past and present problems are linear, and 64-bit architectures have been sufficient to solve them (a 64-bit register can hold any of 264 over 18 quintillion [or 1.8×1019] different values). However, if you want to solve a much more complex problem such as those that occur in natural chemistry and physics, using a linear approach is not possible due to the massive numbers and variables that must be considered to reach a solution. Conventional computing and linear problem-solving approaches are quickly overwhelmed by this complexity.

Enter a quantum processor that harnesses bits that are atoms or subatomic particles. Because of the nature of quantum mechanics, those bits can represent anything (e.g., 0,1, or anything in between) and potentially exist anywhere in space. If you connect those bits with entanglement into a circuit, for example a 73 quantum bit (qubit) circuit, the word size is now 2 to the 73rd power (273). This works out to be a yottabit of data, which is equivalent to all the data stored in the world in the last year. Imagine a computer that can process all the data stored in the world in the last year in a single instruction.

This computational capability is amazing for operations such as molecular science, neural networks, and weather simulation. As another point of reference, you have about a trillion neurons in your brain. Think about interrogating the whole state of a complex neural network like your brain into one instruction. This is possible in the future using quantum computers. It is fascinating, and it will open us up to huge breakthroughs in technology, science and nature.

This fantastic computational power is a double-edged sword, however. The problem is that our current public encryption (think the entire internet) is based on a single transaction – factoring a large prime number. Quantum’s large word sizes are great for factoring large prime numbers, rendering much of our current cryptographic capabilities useless. Also, the current cryptography on nearly all electronic devices, whether a watch, phone, computer, or satellite, is based on the same prime number factorization. So far, factoring a significant prime number on a conventional computer is still extremely difficult. But quantum computers pose a threat because they can do it quickly.

Challenges

Although cryptographically relevant quantum computers (CRQCs) are still a few years away, we understand that they have the potential to expose our most vulnerable information on all edges of the network. The Hudson Institute recently published a study demonstrating what a quantum attack would do to our banking system. They used an econometric model with 18,000 data points and concluded, "The first quantum attack against the top five banks could cost our economy up to $2 trillion and impair up to 60 percent of the US assets.” Also, in another study by the Hudson institute, it concluded that a single quantum computing attack on cryptocurrency would cause massive damage, “precipitating a 99.2 percent collapse of value, inflicting $1.865 trillion in immediate losses to owners, with nearly $1.5 trillion in indirect losses to the whole economy due to that collapse. All in all, we are looking at a $3.3 trillion blow to the U.S. economy.”

One foreign nation-state is said to have harvested up to twenty-five percent of the global encrypted data. We cannot imagine the damage that will be done when all of that data is decrypted by a CRQC. As we all have seen, digital warfare and cybercrime is coming to the forefront of the world’s attention. In the recent Russian invasion of the Ukraine, cyberattacks were the first salvo, not bullets or missiles. Quantum computers may be used as powerful weapons, and if cyberthieves exfiltrate data without post-quantum cybersecurity (PQC) protection they will be able to crack and decode it later. Alternatively, if data is protected with PQC, it may be safe for decades. The time to act is now. It is crucial to post-quantum fortify your data.

Producing a Post-Quantum Network

There are essential steps to converting existing networks to the next-generation post-quantum network. For example, NIST has been working on algorithms that are mathematically proven to be resistant to quantum attacks. As a result, we will go through a generational upgrade to our security that will have to use the NIST standards. In addition, it is necessary to use cryptographic resilient quantum keys with NIST algorithms to move toward a quantum resilient environment. Right now, the algorithms we use to secure or encrypt our data require a key. It is a non-starter for many enterprise and government customers to use non-NIST-compliant cryptography. Solutions are available that can use any of the final NIST algorithms, so enterprise and government don’t have to wait until NIST makes their final choices.

In addition to implementing NIST algorithms, a PQC solution must facilitate a zero-trust architecture. Zero-trust enforces secured communications between known devices. Only a small percentage of the current network conforms with zero trust, so we must upgrade the entire network as soon as possible.

Another critical element of the next-generation post-quantum network is the ability to actively monitor the communication channel. Post-quantum attacks will happen, and the future network must have active countermeasures to respond to changing threat conditions. This is not a one-and-done situation; we must continue to evolve and be diligent as threats change.

The networks we currently have are built on old technology, and all data on the today’s networks is vulnerable to attacks, including cryptoanalysis for keys, side-channel, or man-in-the-middle attacks.

Use Cases and Risks

Virtually all connected electronic devices use encryption, so the use cases for the post-quantum network are nearly limitless. We anticipate that the two earliest adopters of the post-quantum network will be the government and finance sectors. There are timely opportunities in these industries to create a secure network that ensures fidelity and privacy for all users of these critical systems.

Government entities have numerous stakeholders and diverse interests, but all share the crucial goal to protect citizens and sensitive national data such as social security numbers, tax records, classified materials, military secrets, healthcare data, and beyond. Juxtaposed to this hugely important and complex task is the outmoded network infrastructure used to hold this data. These current infrastructure systems are old and coded in legacy languages that are difficult to update. It is essential that the solution for these systems be able to easily and simply interface with legacy systems to transform them to post-quantum seamlessly and securely.

Recently, government organizations were required to comply with the Jan. 8 National Security Memorandum (NSM-8) from the White House identifying their post-quantum capabilities within the next six months. They recognize that they need to fill the critical gap between the open-source cryptographic libraries and the challenging network environment in which these entities in. This huge lift will undoubtedly require a seamless software deployment of PQC. The stakes are high, and the deadline is looming. Protection of government data is paramount as we see increasing threats from cyberattacks and ransomware. These networks are threatened as we approach the quantum computing era, but quick action will stem the tide and protect our most sensitive data.

Financial institutions represent a private sector reflection of the challenges faced by government entities. Here, they face similar challenges—critical information (bank account numbers, PII, etc.) that changes infrequently and thus is of extremely high value over the long run to bad actors. Additionally, these institutions are highly regulated and will likely need to follow regulations like the NSM-8 issued for government organizations in the near future.

Savvy, forward-looking financial institutions are already looking into post-quantum network solutions. As mentioned above, the Hudson Institute has estimated that the first successful quantum attack would cause a cascading financial failure. These institutions should secure their internal networks where the bulk of this sensitive data lives, including document-sharing systems, messaging, and more. They are also eager to expand this offering to all interactors with their networks, including individual clients who access their accounts via mobile apps or browsers.

Beyond these early-adopter industries, there are some other exciting applications of post-quantum cryptography. One particularly interesting application is in the Metaverse. The Metaverse focus is heavily on identity, which is the future of authentication. In the Metaverse, you can imagine if someone hacks your digital twin or the assets you own there, you would be faced with a very messy, expensive and even dangerous situation. PQC is badly needed to protect you in the Metaverse, and companies providing Metaverse infrastructure and systems would be wise to integrate PQC in the beginning, while the Metaverse is being formed.

In healthcare, there is risk in distributed hospital systems which secure PII or confidential healthcare data patient records. PII, especially as we turn toward the personalized medicine era and genomic sequencing, will be critical to protect with PQC over the long run—unlike web accounts, genetic information does not change over the life of the user.

There is a myriad of use cases for protecting our infrastructure and data via PQC. Bad actors could go after our banking systems, military secrets, sensitive government data power grids, water supplies, health care systems, and more. We must protect ourselves in the face of these threats and the ever-changing geopolitical landscape before us.

The post-quantum network of the future does not have to be complicated. All you need is a software-based post-quantum orchestration platform with zero trust, active monitoring, and network protocol switching that interoperates with today’s infrastructure. Approaches offering this technology are available now, we just need the collective will to create a genuinely safe future.

Featured

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3