Governments worldwide are responsible not just for the physical security of their citizens but their digital security too. The private and public network infrastructure used by state-run institutions contains a wealth of sensitive, confidential and personally identifiable information. This makes it a very attractive proposition for any financially or ideologically motivated cybercriminal.
Big data requires big data security, which means protecting both the data itself and the networks across which it travels. The long-term value associated with much of this data means cybersecurity strategies need to provide protection not just against today’s disclosed threats but tomorrow’s emerging threat landscape.
Of course, government has a broader responsibility than simply keeping its own house in order. It has an essential role to play in the development and implementation of national cybersecurity standards. From breach notification legislation and data privacy laws to mandating zero-trust architecture for critical infrastructure, the remit is broad.
Meeting The 5G Security Challenge
The global roll-out of 5G networks has not been as smooth as some might have expected. Despite widespread acknowledgement that the fifth generation of cellular technology is essential for an effective IoT and big data world, implementation has been stymied by security concerns. Principal amongst these has been the potential for foreign states to use the infrastructure to eavesdrop on global communications. In the U.S., the FCC recently voted unanimously to “rip and replace” Huawei equipment at a cost of $1.9 billion.
While we think of 5G as a wireless technology, it is important to recognize that it is built on a fixed network of fiber optic cables. These high-speed networks that are the backbone of today’s communications infrastructure have to be protected.
Securing The Network
Fiber tapping has been an effective eavesdropping tool since the networks were first deployed in the 1990s. The Snowden revelations in 2013 demonstrated the extent to which the NSA was exploiting fiber network vulnerabilities, a policy that appears to be alive and well today as evidenced by the recent revelations in Denmark.
Effective use of high-speed networks is dependent upon trust: trust that the data is authentic and trust that it remains confidential. For the next generation of high-bandwidth networks, the question remains: how do you secure the network?
Public key cryptography is a vital weapon in the war against cybercrime, but it faces an unprecedented threat in the form of the quantum computer. Much has been written about the processing potential of quantum computers and how this could be a powerful tool for advancing the fields of statistical analysis, medical research and simulation. However, that same quantum computer processing power will render obsolete the public key cryptosystems we currently rely on to secure the internet. Clearly, this falls under the remit of long-term data protection and has become an area of focus for governments and corporations worldwide.
The Quantum Revolution
Quantum computers are not the only application of quantum technologies that will influence how we secure tomorrow’s communication networks. In fact, some quantum applications have already been successfully commercialized and are helping to ensure the confidentiality and authenticity of data.
Encryption solutions are only as secure as the keys they use. The strength of the key is determined by the quality of entropy (randomness) used to generate it. Quantum random number generators (QRNG) are being used as a source of genuine entropy for key generation in applications ranging from core network infrastructure to mobile apps and IoT devices to create secure keys and help protect the authenticity and integrity of data.
Quantum key distribution (QKD) may represent the ultimate in long-term data protection as it delivers provably secure key exchange and confidentiality. It leverages a core principle of quantum physics that observation causes perturbation. In essence, this means any attempt to intercept or eavesdrop on the key transfer will cause transmission errors, which can be detected by legitimate users. At the end of the day, only valid secure keys are used, which ensures safe encryption and distribution of the data.
As the cloud goes quantum, one of the biggest markets will be the service sector, where QKD could be utilized to help secure financial transactions and data transmission.
An Investment In The Future Of Quantum
Those in the know are referring to the 2020s as the decade of quantum. Across the world, a broad range of quantum programs are underway. A recent report by CIFAR identifies 17 countries with an established quantum R&D strategy in place, with three others having a coherent strategy in development. These initiatives are designed to encourage the development of commercially viable applications of quantum technologies and are backed by significant levels of investment.
The CIFAR report estimates that worldwide funding of quantum has reached $22.5 billion, with China leading the pack with a $10 billion investment. Europe also demonstrates a strong focus with $1 billion allocated to the Quantum Flagship initiative, as well as the upcoming EuroQCI initiative, which aims at deploying national quantum communication networks by 2027. The U.K. government has allocated over $1 billion to a multi-phase, 10-year strategy and in the U.S. the National Quantum Initiative Act approved $1.2 billion in spending across multiple departments.
Research is focused on three key areas of technology: quantum sensing, quantum communications and quantum computing. The CIFAR report highlights a near-term emphasis on quantum communications but also acknowledges that international governments have set their sights on the cybersecurity implications of the technology.
The quantum era is no longer a theoretical projection of a future technology state. With the commercialization of technologies like QRNG and QKD and the rapid development of the quantum internet, the future is now. Organizations must look into quantum security solutions (full disclosure: my company offers such solutions) to strengthen their current cryptosystems and provide instant, reliable, easy operation for both today’s and tomorrow’s data communications.