NOW Is the Time to Secure Your Digital Infrastructure

Some of us remember Y2K. Well, there is now Y2Q, or “Years to Quantum”.This is the projected time when a quantum computer will break the security codes, such as RSA, that we have come to rely on to secure things such as financial transactions, communications and other critical infrastructure to name a few. Some experts project that Y2Q will occur before 2030. Worse still, the threat of “Harvest Now, Decrypt Later” is already present. In other words, we may not know whether systems have been compromised until much later when hackers act on the data breach. “This is really very serious,” says Bruno Huttner, co-chair of the Quantum-Safe Security Working Group at the Cloud Security Alliance. “If there was a quantum computer tomorrow, we wouldn't be able to talk together with any kind of security.”
The good news is that there are emergent quantum technologies that promise a new era of security through quantum entanglement, with the ability to provide security levels that are currently unattainable with classical security systems.One such technology is Quantum Key Distribution (QKD). QKD is a quantum-based technology that leverages quantum mechanics for key exchange between distant endpoints.Unlike conventional mathematics-based methods to protect data, QKD uses quantum physics that make it impossible to create identical copies of an unknown quantum state, eliminating a tactic hackers use today to copy network traffic.Furthermore, if a hacker gains access to the system, the system will change in a way meaningful enough that the intended parties will know.
Companies in key industries are beginning to take action:
- Pioneering financial services firms in this space include J.P Morgan and Wells Fargo. J.P Morgan, a pioneer in quantum research has adopted a dual strategy, combining QKD for the lower layers of the network stack with post-quantum cryptography (PQC), a set of encryption algorithms resistant to quantum computing attacks for the application layer. The Bank of England is evaluating QKD for securing interbank communications. However, these efforts are still limited within the industry.
- In healthcare, some major institutions are already implementing QKD in select areas. For example, a large US hospital network has implemented quantum-safe cryptography to protect its electronic health record, and a global healthcare research organization uses quantum cryptography to secure communications between research centers across Europe and Asia.
- In telecommunications, some operators are beginning to implement QKD technologies, and vendors are introducing new solutions. We at ACG have recently highlighted Aliro Tech, an innovative young company developing such solutions. Toshiba has recently announced new technologies for global-scale quantum networks. Established vendors such as Ciena are already embedding QSK technologies into its products. European telecom operators are taking the lead in quantum technology.The continent boasts over 25 quantum networks in various stages of deployment. Noteworthy projects include a commercial quantum network in London and a collaboration between BT and Toshiba Europe.
We at ACG specialize in the telecommunications industry and note that aside from limited efforts, of which we highlighted some, the industry is in the early innings. We argue that the time is now to take post-quantum networking seriously. We expect that Tier 1 operators already have plans underway but believe that the rest of the industry needs to step up.
Aside from implementing quantum cryptography in their networks, telecom and cable operators have a significant opportunity to offer QKD as a service. Such a framework is not new to operators. This is what they have done with SD-WAN and SASE not too long ago.
We at ACG are developing a framework for QaaS and are exploring how we can help operators step up and offer these essential capabilities to their customers. As we progress in our research we will keep you abreast of developments as well as continue to update the industry in blogs, market impacts and videos/podcasts.
Liliane Offredo-Zreik is a principal analyst with ACG Research. She can be reached at loffredo@acgcc.com.
________________________________________
5https://www.techtarget.com/searchsecurity/definition/quantum-key-distribution-QKD
8 https://www.global.toshiba/ww/technology/corporate/rdc/rd/topics/24/2409-02.html