Encryption is an essential part of data security. It provides a fundamental layer of protection that shields confidential data from exposure to attacks. The security of the internet depends on encryption; it is needed to protect information transferred across telecommunications networks, as well as residing in files and databases.
Today the threats facing firms are significant and cybercrime is on an annual increase. What’s worse it that many organisations lack the most basic security infrastructures and don’t encrypt all their data. This makes them especially vulnerable to attacks. A cyber breach, for instance, can have a profound impact on an organisation and can quickly force a business into administration. The Cyber Security Breaches Survey revealed that nearly seven in ten large businesses identified a breach or attack in 2017. The same report also found that businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51 per cent compared to 37 per cent).
The Quantum Threat
Quantum computing will likely deliver tremendous progress in many industries, be it machine learning, genomics and clean energy. However, in the realm of data security it represents a significant threat. Indeed it has been reported that a future quantum computer with only 256 qubits could destroy the basis for all modern day encryption methods. Although this is a few years away, many believe that it is imperative for firms to acknowledge the threats they face in the future.
“Today, many of the cyber security protections we all have will be vulnerable to attacks from more powerful quantum computers. Our objective is to help prepare people for the quantum world.” Jane Melia, QuintessenceLabs.
QuintessenceLabs is a global leader in quantum cybersecurity. The organisation was founded in 2008 in Canberra, Australia, by a team of pioneering scientists from the Australian National University leading research in the field of Quantum Key Distribution (QKD). QKD is a secure communication method that uses quantum properties to exchange secret information – such as a cryptographic key, which can then be used to encrypt messages that are being communicated over an insecure channel. Today QuintessenceLabs partners with organisations across a range of organisation in finance, health, aerospace and defence as well as government.
This Week Quantum Business spoke with Jane Melia, the VP of Strategic Business Development at QuintessenceLabs. Jane has been in this position since 2014 and previously has a wealth of experience for a variety of organisations where she led the corporate strategic decision-making regarding products, customer segmentation and supply. In our interview, Jane shares her insights into the myriad threats facing organisations and how leaders should react moving forward to protect their data. She argues that quantum technologies provide an elegant and powerful solution to the threats facing organisations today and the threats of tomorrow.
“QuintessenceLabs is a quantum cyber security company. What that means is we combine both advancements in quantum technology (quantum key distribution) with classical more conventional cybersecurity techniques, such as key management and encryption.”
Analysing Cyber Crime Today
Cybercrime is relentless, undiminished and unlikely to stop. It is too easy and too rewarding and the chances of being caught and punished are perceived as being too low. According to a 2018 global cybersecurity report, the total cost of cybercrime to the world economy was $600 billion in 2014 with the cost rising annually. One major internet service provider (ISP) reports that it sees 80 billion malicious scans a day – the result of automated efforts by cybercriminals to identify vulnerable targets and organisations.
“Cybercrime remains far too easy because many technology users fail to take the most basic protective measures and many technology products lack adequate defences. Cybercriminals use both simple and advanced technology to identify targets, automate software creation and delivery, and monetisation of what they steal. From our perspective, the indication is that every company has been breached – they either know it or they don’t. I think the rise of cybercrime is linked to the increase in cloud, trade and data exchange. I guess it is the increasing sophistication in the individuals and companies who are working in cybercrime areas – as it is a very lucrative business.”
“There are a lot of challenges with data protection and cyber security. There are a lot of vulnerabilities and ways to get exposed by the insider threat/ insider error. If there is very poor implementation of encryption, data is exposed. There a lot of drivers that make people vulnerable. The IoT exposes huge amounts of vulnerability – many of the devices that (can’t understand).”
Protect Your Data!
“What leaders need to be aware of is that they’re going to be attacked and in many sophisticated ways. They therefore need to easily and seamlessly equip the data they have.”
“There are so many providers in the market offering various solutions and analytical approaches. I think the advice that we would give everybody is your protection is unlikely to be 100% sound. There are hackers in this situation where you protect everything and they only need to find one crack. Blocking every crack is very hard.”
“Our advice is whatever you do, protect your data in a sound way. Make sure you encrypt your data wherever it is. Implement a strategy across your organisation which would allow you to access data very easily while allowing it to be encrypted. So you need to think about how do I choose and how do I implement a proper key management. It should be centralised. It should have embedded hardware security modules. The keys generated need to be secure. S, you need to think carefully about all encryption problems. We believe that having the stronger keys makes that even stronger. At the very least make sure you’re encrypting your data. If you want that added security use a true random number generator.”
Quantum Random Number Generator
To do any advanced form of encryption Jane explains that you need to have a very strong source of random numbers. “People have been relying on algorithmic random numbers because they have no choice, since true random number generators were too slow to be of practical commercial use. This has resulted in security breaches when those algorithmic approaches had flaws, something users can only know after the fact.”
“Quantum physics is fundamentally random and this inherent randomness has been harnessed into commercial quantum random generators that produce fully random numbers at high rates cost effectively. Devices are starting to be integrated into security infrastructure for the cloud in finance and beyond. This is a trend that is expected to increase over the coming years. As a bonus, the use of longer, higher quality true random keys was identified by the NSA as being one of the strategies to protect data from the threat of quantum computers, so using a high quality quantum random number generator enables security-aware companies to get a head start in that direction.”
Jane told us that QuintessenceLabs have the qStream device, providing encryption keys with full entropy (true randomness).
“QuintessenceLabs have got the fastest quantum random number generators in existence. Our quantum random generator is embedded in most of our key management appliances, fitting easily into a compact, one rack unit form factor. Any time you need a key, you can just tap into that and you’ve got everything you need to make that foundations of security really robust. Users can also purchase the qStream card separately for integration into their own appliances.”
“Most of our customers are going for the hardware solutions – you’ve got key management and fast random number generator that comes with it. It’s fast and it’s cheap – it makes it way stronger. But for some architectures, our customers just want our key management capability as a virtual machine, which is purely software, and that is available too.”
“With us it means you can effectively do what you want with it in terms of key generation- it means you don’t have to make that choice – sacrificing security for speed.”
Quantum Key Distribution
Quantum key distribution (QKD) is a secure communication method which implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages.
“This is one of the foundational elements of QuintessenceLabs, and enabled the development of our QRNG and key management capabilities. We deployed our first proof of concept of our continuous variable quantum key distribution system in Melbourne a few years ago and are aggressively maturing it in partnership with the Australian Department of Defence, enhancing throughput and enabling free space implementation, a true game changer for this type of security.”
How does it work? “Its security is based on a fundamental characteristic of quantum mechanics: the process of measuring a quantum system disturbs the system”.
“An attacker trying to intercept the key exchange will inevitably leave detectable traces, allowing that information to be discarded. It has been proven to be safe, independently of the processing power of the attackers, and is therefore not vulnerable to quantum computers. This is a developing technology with challenges to overcome, but companies are beginning to roll out commercial implementations, and development under way will move beyond point-to-point capability and even emancipate it from the current constraints of fibre optic connections to free space and ultimately mobile devices. Certainly worth watching.”
Cyber Security For the Quantum Era
Jane believes it can be extremely confusing as a medium sized business trying to figure out what the best strategy is moving forward. “Managing the keys and the policies, the lifecycles of those keys and all the data associated with that over a large organisation is far more complex than encryption itself.”
“With quantum computers maturing at a rate faster than many expected, firms need to prepare for the future today.“
“This is particularly true if you have sensitive data such as financial information or personal information where there is a lead time to implement a quantum safe security architecture. And there is also a time when the data you’re holding today is going to become sensitive. If you have data which is going to be sensitive for another 5-10 years, and you know it’s going to take 2 years to implement a quantum safe architecture – you’re kind of in trouble as quantum computers in the next 10 years could be a realistic threat. That is entering the area of vulnerability to your data.”
“Start thinking about what you need to do to make your organisation more quantum safe. Implement true random numbers for all your security needs. Start thinking about quantum key distribution, or quantum safe algorithms. Start strategising so you’re able to hit the ground running as soon as possible.”
Jane reveals some of the trends they’re seeing from their customer base. “The financial industry clearly values the highest levels of security. One of our key partners and investors is the Westpac Bank which is the oldest bank in Australia. We also work the government sector and have deployed multiple devices at the US State department. Within Defence and Aerospace – we plan to work in the Australian ministry of defence.”
“Ultimately these are organisations where security is not an option. You have to make sure you protect that data.”
“We have activity in cloud security – for example we are technology partners with NetDocuments which is a cloud storage provider that securing 1.6 billion highly sensitive legal documents. They’re stored in the cloud and their protection is ensured thanks to the quarter of a million number of keys that QuintessenceLabs implements. Finally, we are also beginning to expand into the health sector. It is of utmost importance to protect people’s health information and it’s an area that has historically lacked maturity. It is an area that we are beginning to work with.”
This insight from Jane Melia and the perspective of QuintessenceLabs is another welcome voice to the growing network of quantum computing experts connecting with Quantum Business every week. Protect your organisation from the threats of tomorrow.
Welcome to Quantumbusiness.org. The first news portal dedicated to exploring the quantum computing revolution and its forthcoming impact on global industry. For more information on content creation and the opportunity to share your story with the world, please contact our lead editor Hal Briggs [firstname.lastname@example.org].