Building the Future We Deserve – A Cyber Success Story

Building the Future We Deserve – A Cyber Success Story

Consider a conventional computer. It uses a small (64-bit) processor architecture and is considered excellent for solving linear problems. Many past and present problems are linear, and 64-bit architectures have been sufficient to solve them (a 64-bit register can hold any of 264 over 18 quintillion [or 1.8×1019] different values). However, if you want to solve a much more complex problem such as those that occur in natural chemistry and physics, using a linear approach is not possible due to the massive numbers and variables that must be considered to reach a solution. Conventional computing and linear problem-solving approaches are quickly overwhelmed by this complexity.

Enter a quantum processor that harnesses bits that are atoms or subatomic particles. Because of the nature of quantum mechanics, those bits can represent anything (e.g., 0,1, or anything in between) and potentially exist anywhere in space. If you connect those bits with entanglement into a circuit, for example a 73 quantum bit (qubit) circuit, the word size is now 2 to the 73rd power (273). This works out to be a yottabit of data, which is equivalent to all the data stored in the world in the last year. Imagine a computer that can process all the data stored in the world in the last year in a single instruction.

This computational capability is amazing for operations such as molecular science, neural networks, and weather simulation. As another point of reference, you have about a trillion neurons in your brain. Think about interrogating the whole state of a complex neural network like your brain into one instruction. This is possible in the future using quantum computers. It is fascinating, and it will open us up to huge breakthroughs in technology, science and nature.

This fantastic computational power is a double-edged sword, however. The problem is that our current public encryption (think the entire internet) is based on a single transaction – factoring a large prime number. Quantum’s large word sizes are great for factoring large prime numbers, rendering much of our current cryptographic capabilities useless. Also, the current cryptography on nearly all electronic devices, whether a watch, phone, computer, or satellite, is based on the same prime number factorization. So far, factoring a significant prime number on a conventional computer is still extremely difficult. But quantum computers pose a threat because they can do it quickly.

Challenges

Although cryptographically relevant quantum computers (CRQCs) are still a few years away, we understand that they have the potential to expose our most vulnerable information on all edges of the network. The Hudson Institute recently published a study demonstrating what a quantum attack would do to our banking system. They used an econometric model with 18,000 data points and concluded, "The first quantum attack against the top five banks could cost our economy up to $2 trillion and impair up to 60 percent of the US assets.” Also, in another study by the Hudson institute, it concluded that a single quantum computing attack on cryptocurrency would cause massive damage, “precipitating a 99.2 percent collapse of value, inflicting $1.865 trillion in immediate losses to owners, with nearly $1.5 trillion in indirect losses to the whole economy due to that collapse. All in all, we are looking at a $3.3 trillion blow to the U.S. economy.”

One foreign nation-state is said to have harvested up to twenty-five percent of the global encrypted data. We cannot imagine the damage that will be done when all of that data is decrypted by a CRQC. As we all have seen, digital warfare and cybercrime is coming to the forefront of the world’s attention. In the recent Russian invasion of the Ukraine, cyberattacks were the first salvo, not bullets or missiles. Quantum computers may be used as powerful weapons, and if cyberthieves exfiltrate data without post-quantum cybersecurity (PQC) protection they will be able to crack and decode it later. Alternatively, if data is protected with PQC, it may be safe for decades. The time to act is now. It is crucial to post-quantum fortify your data.

Producing a Post-Quantum Network

There are essential steps to converting existing networks to the next-generation post-quantum network. For example, NIST has been working on algorithms that are mathematically proven to be resistant to quantum attacks. As a result, we will go through a generational upgrade to our security that will have to use the NIST standards. In addition, it is necessary to use cryptographic resilient quantum keys with NIST algorithms to move toward a quantum resilient environment. Right now, the algorithms we use to secure or encrypt our data require a key. It is a non-starter for many enterprise and government customers to use non-NIST-compliant cryptography. Solutions are available that can use any of the final NIST algorithms, so enterprise and government don’t have to wait until NIST makes their final choices.

In addition to implementing NIST algorithms, a PQC solution must facilitate a zero-trust architecture. Zero-trust enforces secured communications between known devices. Only a small percentage of the current network conforms with zero trust, so we must upgrade the entire network as soon as possible.

Another critical element of the next-generation post-quantum network is the ability to actively monitor the communication channel. Post-quantum attacks will happen, and the future network must have active countermeasures to respond to changing threat conditions. This is not a one-and-done situation; we must continue to evolve and be diligent as threats change.

The networks we currently have are built on old technology, and all data on the today’s networks is vulnerable to attacks, including cryptoanalysis for keys, side-channel, or man-in-the-middle attacks.

Use Cases and Risks

Virtually all connected electronic devices use encryption, so the use cases for the post-quantum network are nearly limitless. We anticipate that the two earliest adopters of the post-quantum network will be the government and finance sectors. There are timely opportunities in these industries to create a secure network that ensures fidelity and privacy for all users of these critical systems.

Government entities have numerous stakeholders and diverse interests, but all share the crucial goal to protect citizens and sensitive national data such as social security numbers, tax records, classified materials, military secrets, healthcare data, and beyond. Juxtaposed to this hugely important and complex task is the outmoded network infrastructure used to hold this data. These current infrastructure systems are old and coded in legacy languages that are difficult to update. It is essential that the solution for these systems be able to easily and simply interface with legacy systems to transform them to post-quantum seamlessly and securely.

Recently, government organizations were required to comply with the Jan. 8 National Security Memorandum (NSM-8) from the White House identifying their post-quantum capabilities within the next six months. They recognize that they need to fill the critical gap between the open-source cryptographic libraries and the challenging network environment in which these entities in. This huge lift will undoubtedly require a seamless software deployment of PQC. The stakes are high, and the deadline is looming. Protection of government data is paramount as we see increasing threats from cyberattacks and ransomware. These networks are threatened as we approach the quantum computing era, but quick action will stem the tide and protect our most sensitive data.

Financial institutions represent a private sector reflection of the challenges faced by government entities. Here, they face similar challenges—critical information (bank account numbers, PII, etc.) that changes infrequently and thus is of extremely high value over the long run to bad actors. Additionally, these institutions are highly regulated and will likely need to follow regulations like the NSM-8 issued for government organizations in the near future.

Savvy, forward-looking financial institutions are already looking into post-quantum network solutions. As mentioned above, the Hudson Institute has estimated that the first successful quantum attack would cause a cascading financial failure. These institutions should secure their internal networks where the bulk of this sensitive data lives, including document-sharing systems, messaging, and more. They are also eager to expand this offering to all interactors with their networks, including individual clients who access their accounts via mobile apps or browsers.

Beyond these early-adopter industries, there are some other exciting applications of post-quantum cryptography. One particularly interesting application is in the Metaverse. The Metaverse focus is heavily on identity, which is the future of authentication. In the Metaverse, you can imagine if someone hacks your digital twin or the assets you own there, you would be faced with a very messy, expensive and even dangerous situation. PQC is badly needed to protect you in the Metaverse, and companies providing Metaverse infrastructure and systems would be wise to integrate PQC in the beginning, while the Metaverse is being formed.

In healthcare, there is risk in distributed hospital systems which secure PII or confidential healthcare data patient records. PII, especially as we turn toward the personalized medicine era and genomic sequencing, will be critical to protect with PQC over the long run—unlike web accounts, genetic information does not change over the life of the user.

There is a myriad of use cases for protecting our infrastructure and data via PQC. Bad actors could go after our banking systems, military secrets, sensitive government data power grids, water supplies, health care systems, and more. We must protect ourselves in the face of these threats and the ever-changing geopolitical landscape before us.

The post-quantum network of the future does not have to be complicated. All you need is a software-based post-quantum orchestration platform with zero trust, active monitoring, and network protocol switching that interoperates with today’s infrastructure. Approaches offering this technology are available now, we just need the collective will to create a genuinely safe future.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.