A Carpe Diem Moment for the IoT and Cybersecurity
While we are all still in the early stages of a networked, always-on Internet of Things world, this is the precise time to develop crucial and effective cybersecurity solutions to combat growing threats. The developing ecosystem needs new ideas for bold government actions, particularly to reduce the risks of quantum computers.
Quantum Threats Looming
The news about quantum computers just keeps coming. Reports from companies such as IBM and Google indicate that we will soon have access to commercial quantum computer resources. Google teases that it will produce a viable quantum computer within the next five years. IBM topped that, announcing it would have a quantum computer ready later this year. Granted, IBM's quantum computer reportedly will function only at temperatures colder than outer space—meaning it won’t exactly be practical for a wide variety of uses yet.
However, on a grander scale, quantum computers are tackling some practical problems. Canadian researchers trained a D-Wave quantum computer to distinguish trees from other parts of a landscape in a satellite image. This is a big deal because it demonstrates how quantum computers can address problems involving too many calculations for today's computers to complete quickly.
But there is a snag: Quantum computing jeopardizes data security. At the recent RSA Conference in San Francisco, Rep. Michael McCaul (R-TX) said quantum computers are a “digital atomic bomb” and called for U.S. officials to “lead a coalition of like-minded nations to prepare for the quantum future.” He compared quantum computers to nuclear weapons because they could render obsolete the fundamental components of cybersecurity. The creation and distribution of keys to encrypt sensitive data depend on algorithms that will be vulnerable to quantum computers, which will have the capacity to break those algorithms.
All hope is not lost, though. Quantum key distribution, a secure method of exchanging keys using the laws of quantum physics, is maturing and making inroads into free-space approaches. The National Institute of Standards and Technology (NIST) has issued a call for proposals for quantum-resistant cryptographic algorithms. And a number of private companies are rolling out and testing crypto to fend off quantum attacks. In the meantime, you can already avoid algorithmic key generation because quantum random number generators that produce true random numbers at very high speeds are already commercially available.
McCaul and others proposed a number of noteworthy actions at the RSA Conference. Brad Smith, Microsoft’s president and chief legal officer, suggested a "digital Geneva Convention" to keep people and businesses safe from nation-state cyber attacks. Bruce Schneier, chief technology officer of IBM Resilient, recommended a new U.S. regulatory agency. "The market is not going to fix this because neither the buyer nor the seller cares," Schneier said at the conference. "The market tends not to fix safety or security problems without government intervention."
The Washington-based Center for Strategic and International Studies (CSIS) Cyber Policy Task Force has proposed a new model for reporting cybersecurity breaches that would encourage organizations to reveal attacks.
"The model that was most popular was the National Transportation Safety Board,” said Sameer Bhalotra, West Coast co-chair of the CSIS task force. “[It] provides limited immunity and a lot of anonymity to pilots and airline operators, who explain what happened so we can learn for the benefit of everyone else. We want the same thing in cybersecurity—a safe way to share information so it's not pointing fingers and not blaming the victims, and we can all learn how to stop this from happening again."
Jane Melia is vice president of strategic business development at QuintessenceLabs, a provider of quantum cybersecurity solutions and maker of quantum random number generators.