Security CEO and founder of Safe Quantum Inc., working with data-driven companies to define, develop and deploy quantum-safe technologies.
Early experiences working in security taught me that to really have a good defense, you need to have depth—you need more than one technology. You can’t just have antivirus, for example, you also need anomaly detection. You need all sorts of things that won’t fail the same way.
I look at what we’re doing today in quantum communications the same way.
That means our defenses can’t be all post-quantum cryptography (PQC) or all quantum key distribution (QKD). They can’t be all entanglement-based. It needs to be a combination of those things that will be successful.
Yet, in quantum today, there is uncertainty. Just look at where we are with post-quantum cryptography as NIST enters its seventh year of vetting candidate algorithms.
In my view, the U.S. government’s biggest challenge may be that it is taking a bifurcated approach to how we view quantum security and quantum networking.
On the one hand, the National Institute of Standards and Technology (NIST) has done an excellent job in whittling down more than 80 algorithm submissions to a few finalist crypto standards, but there have been some bumps along the way that are worrisome.
One finalist algorithm and one semi-finalist were hacked with a laptop computer—nothing close to a powerful quantum computer. Understanding the potential for a quantum computer to be able to break cryptographic standards even more quickly in the future, the NIST algorithms are being re-labeled as “quantum-resistant” rather than “quantum proof.”
On the other hand, we have the Department of Defense, led by the National Security Agency, concerned about what QKD might not be able to guard against, which has possibly slowed development in QKD technologies and QKD-enabled networks.
The risk there is that the United States isn’t doing any of this in a vacuum. China and Europe are already well ahead in launching QKD network testbeds.
Doom and gloom aside, there are very interesting things being done in quantum today. There’s a big focus on building quantum memory and on developing all the components necessary to have an entangled photon transmission network. That’s particularly exciting from a security perspective because you’re instantly aware if someone is trying to hack into that system.
This is where the future of quantum security is going.
The most important thing we must do is commit to a much more cooperative effort across all the government agencies involved in quantum security, including entities like the Department of Energy, which is responsible for protecting the nation’s electric power grid.
Business leaders, in particular, can do three things today.
1. Examine your own security gaps to see what a quantum future holds.
2. Re-imagine quantum as a competitive differentiator, particularly in industries such as telecommunications and network services.
3. Actively seek to engage in public-private partnerships to accelerate the development and adoption of quantum technologies.
Between the federal government, university research arms and the technology leaders investing heavily in quantum, there is the ability to create a defense-in-depth quantum security strategy that would prevent the reliance on just one solution—and one point of failure.
And the time to act is now. For example, the QKD hardware available today works well and has been proven to deter “harvest now, decrypt later” attacks. This prevents attackers who may steal encrypted data and hold it until a quantum computer becomes available that can crack it.
It would be very wise to combine these technologies and get the best of all of them. While quantum computers are viewed as a potentially dangerous tool, they’re far more critical as a very positive thing that will change the world for the better in the next 10 to 20 years.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Read the full article here
