Last Updated: 2nd September, 2020
Quantum Ready: That’s no question that quantum technology can offer a magnitude of opportunities, solving unique problems which cannot be solved even by the fastest supercomputers. Take into account what consequence quantum technologies would have on satellite communication systems, automated driving vehicles and capabilities of molecular mapping.
As yet, many exciting innovations that quantum technology promises must be realized for a proactive posture first to protect our data & systems security and prepare for the future. Collectively, we want to realize all of the benefits of the quantum without compromising security.
The fact is, quantum computers will be able to break the cryptography underlying Public Key Infrastructure (PKI), constituting an unprecedented problem for encryption and authentication that enterprises put their trust in today. The services and infrastructure that we depend on most for our security, governance, national health, and safety has been until now at risk for cyber-attacks. That risk will increase exponentially with the advent of quantum computers.
The NIST National Cybersecurity Center of Excellence (NCCoE) has already put in place several practices “to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks,” according to its latest update.
Quantum Ready: Cryptography Constitute The Foundation Of Digital Trust
Core industries including energy, automotive, and Internet of Things manufacturing, depend on a trusted, cryptographic architecture for security at multiple levels: a threat to cryptography constitutes a global threat to digital trust. Broken cryptography can result in unauthorized access to sensitive information and lack of control over connected devices. Consider the impact on a nuclear plant, an autonomous vehicle, or an embedded pacemaker.
Quantum technology will deliver a tremendous effect on organizations’ trust infrastructure. Imagine a pyramid, with cryptography at every layer, the glue clinging to everything together. If one layer erodes, it could wreak havoc on our trust infrastructures in every industry and sector with catastrophic results.
The energy sector, especially, has already been vulnerable to cyber-attacks. Today’s exploits typically happen in the uppermost layers: compromised user credentials, admin system misconfiguration. With the quantum computing, the most trusted elements – identity infrastructure, platform, architecture – become easier to attack, leading to more severe breaches.
Quantum Ready: Planes, Automobiles, Trains And Energy Grids
Airplanes, automobiles, satellites, energy grids. These durable, critical devices are exceptionally vulnerable to attack, as these connected devices have long in-field lives requiring their software/firmware signing trust anchors to be updated. Imagine a state-sponsored hack intercepting and then forging software updates for a satellite.
Let’s take a look at the automotive industry. It is currently undergoing an electrification process. In a few years, every modern vehicle sold will enjoy some degree of autonomy built in. Quantum technology can facilitate a great deal here; for example, with designing more efficient and safe batteries.
Concurrently, these vehicles will increasingly rely on software that will need to be updated periodically to resolve issues or include new functionality. Today, these updates are mostly performed manually when physically servicing the vehicle.
The next massive OS war is in your dashboard, proposes a Wired article. Consider this. New cars roll off the assembly line with 100 million lines of code; this number will easily double with autonomous features. It will become essential to ensure that over-the-air (OTA) updates are authenticated and secure.
To perform these updates, automobile manufacturers need to build on and deploy quantum-safe, updatable components. Quantum-safe mechanisms will verify the updates are not forged and are coming from the original equipment manufacturers. Imagine the billions of dollars of cost savings if car manufacturers could update a component and handle cryptographic changes and eliminate recalls for electric issues – without requiring in-person maintenance and updating.
Recalls are established; recent electrical issue recalls: Kia recalled more than 200,000 vehicles this year; Fiat Chrysler Automobiles recalled more than 182,000 vehicles in 2019; and Volkswagen recalled 679,000 cars in 2018. To imagine the improved user experience these updates will offer: increased well-being and safety and less hassle of not having to schedule an appointment.
In the energy sector, we have seen power grids become the target for nation-orchestrated cyber-attacks, where equipment has been in place for decades. “The power sector became a prime target for cyber criminals in the last decade, with cyberattacks surging by 380% between 2014 and 2015,” according to an article in Power Technology. EV charging stations, the intersection of two critical infrastructures – transportation and energy – could be exploited to harm other sections, warns E&E News.
A vulnerable system presentation will be exponentially additionally at risk when quantum technologies arrive. What can organizations undertake currently to strengthen and future-proof their cryptographic infrastructures?
Organizations with mission-critical security requirements can strengthen and start future-proofing their cryptographic infrastructures today. They can start preparing for quantum computing now by making their systems crypto agile.
An appropriate first step is to inventory systems and algorithms. A few questions to determine quantum preparedness urgency:
- How many years does the device require to be secured for?
- How long does the information need remaining confidential?
If the answer to either question is more than seven years – Jet engines, pacemakers, cars — start preparing today. Bridging the gap between current and quantum-safe security will require a innovative approach. Many organizations are looking to adopt a crypto agile posture without affecting prevailing systems, to, and end users.
The ISARA Catalyst Agile Digital Certificate Technology is an example of a crypto agility methodology for creating an enhanced X.509 digital certificate that simultaneously contains two sets of cryptographic subject public keys and issuer signatures. Enhanced X.509 certificates are compliant with industry standards and if incorporated, will enable organizations to meet compliance. This allows organizations to perform a gradual migration by upgrading their most critical, at-risk assets in phases and with maximum backwards compatibility.
As of now, cybersecurity threats are like plugging a kitchen sieve. When the quantum comes, the threats will be like plugging the Hoover Dam. Unless organizations take a proactive crypto agile posture today.