27 Nov 2024
by Rahul Tyagi

Looking Beyond the Horizon: Managing and Exploiting Data in the Quantum Age

Guest blog by Rahul Tyagi, CEO at SECQAI #DefTechWeek

The digital age is transforming how we live and work, but it also brings increasing risks to our cyber landscape. Cyberattacks are not just becoming more frequent; they're also growing in sophistication.

From data breaches to ransomware, the threats to our digital infrastructure are at an all-time high. This escalation necessitates a proactive approach in defending against these attacks while needing to think several steps ahead. As we approach the dawn of quantum computing, understanding its implications is crucial for securing our future.

A Revolutionary Industry

Quantum computing represents a seismic shift in computational power, harnessing the principles of quantum mechanics to perform complex calculations exponentially faster than classical computers. At its core, quantum computing uses qubits, which can exist in multiple states simultaneously thanks to superposition and interact in unique ways due to entanglement.

This revolutionary technology promises to solve problems once thought to insurmountable, from drug discovery to climate modelling. Major tech companies and Governments are investing heavily in quantum research, signalling its imminent impact. However, with great power comes great responsibility, especially in cybersecurity.

 

What Quantum Means for Cyberattacks

 

The advent of quantum computing poses a significant threat to current encryption methods, which are the bedrock of modern cybersecurity. Today's encryption algorithms, such as RSA and ECC, depend on the complexity of factoring large numbers or solving discrete logarithms - tasks that quantum computers could accomplish in a fraction of the time. This shift means that many existing encryption methods could become obsolete, leaving sensitive data vulnerable to new types of cyberattacks.

In a post-quantum world, the nature of cyber threats could evolve dramatically. Quantum computing could enable malicious actors to break encryption codes, access confidential information, and disrupt critical infrastructure. This potential future underscores the urgency of developing quantum-resistant cryptographic algorithms and integrating them into our current security frameworks. Both the private sector and governments must work together to mitigate these risks and transition to a quantum-secure landscape.

The Smart Meter Threat

Amidst the quantum conversation, it's crucial to consider devices which could become a threat, for example Smart Meters. These devices are now commonplace in our homes, providing real-time monitoring of energy usage. However, many of these meters are being replaced without sufficient security measures, exposing critical vulnerabilities in infrastructures.

Research by the National Cyber Security Centre (NCSC) highlights certain security characteristics of the GB smart metering system designed to protect against conventional cyber threats. However, according to a uSwitch study on Smart Meter statistics in 2024, the integration of quantum encryption is still in its early stages and does not fully address quantum threats. Honeywell's efforts in leveraging quantum encryption for data security are steps in the right direction but fall short of addressing the fundamental problem posed by quantum computing.

Ensuring the security of smart meters is essential as they are part of the critical infrastructure. These devices collect vast amounts of data, and any breach could lead to widespread disruptions. Incorporating quantum-resistant security measures into smart meters will be a crucial step in safeguarding this data and maintaining the reliability of our energy systems.

Securing our Energy

Energy grids are vital components of our national infrastructure, and their security ensures stability in our daily lives. With quantum computing on the horizon, robust security measures are more urgent than ever. A promising approach to safeguarding this critical infrastructure is CHERI (Capability Hardware Enhanced RISC Instructions) technology, developed by the University of Cambridge and SRI (Scientific Reseach Institute) International, and endorsed by the National Cyber Security Centre (NCSC).

CHERI's architecture enhances memory safety by providing fine-grained control over pointers, known as "capabilities". These capabilities enforce bounds on memory regions that pointers can access, helping to prevent vulnerabilities like buffer overflows and use-after-free errors by ensuring that pointers cannot stray outside of designated memory areas.

Integrating CHERI into hardware is advantageous for critical infrastructure like energy grids, which are increasingly targeted in cyberattacks, as has the power to thwart many attack vectors, making it difficult for adversaries to exploit system vulnerabilities.

Hardware-based memory safety at this level also helps ensure that many classes of software vulnerabilities can be mitigated at the lowest level, which boosts resilience against a range of potential exploits. Additionally, this hardware-based approach can do so with minimal performance overhead, supporting efficient operation in power-sensitive contexts such as grid infrastructure.

CHERI not only reduces the risk of outages but can future-proof energy grids against quantum threats, ensuring these critical systems are prepared for future quantum-enabled attacks. So, why are we not using this already?

The potential of CHERI to transform the security landscape of our energy grids is immense, yet adoption has been slower than anticipated. A lack of awareness about its capabilities and the significant upfront investment and operational changes may play a role in this hesitancy. However, the long-term benefits of enhanced security, reliability, and resilience far outweigh these initial challenges.

Looking Ahead: Future Actions for Businesses and Governments

To stay ahead of the curve in the quantum age, businesses and governments must take proactive measures to manage and exploit data securely. Here are some key actions to consider:

  1. Invest in Quantum-Resistant Cryptography: Begin transitioning to quantum-resistant cryptographic algorithms. Engage with cybersecurity experts and invest in research to develop and implement these new standards.
  2. Strengthen Security Frameworks: Enhance current security protocols to include quantum resilience. Regularly update and patch systems to address any vulnerabilities that may arise.
  3. Educate and Train: Foster a culture of cybersecurity awareness and education. Provide training for staff at all levels to understand the implications of quantum computing on security and data management.
  4. Collaborate and Innovate: Encourage collaboration between the private sector, academia, and government agencies to stay informed about the latest developments in quantum computing and cybersecurity.
  5. Regulatory Readiness: Governments should work towards establishing regulations that mandate the adoption of quantum-safe technologies and practices. This includes setting timelines and guidelines for transitioning to new cryptographic standards.

The emergence of quantum computing is a double-edged sword. It offers immense potential, while also posing significant security challenges.

By looking beyond, the horizon and thinking two steps ahead, we can better prepare for a post-quantum world. Managing and exploiting data securely will require a concerted effort from businesses, governments, and the cybersecurity community. As we navigate this transformative period, it is essential to remain vigilant, innovative, and collaborative to ensure a secure digital future.


techUK's Defence Campaign Week 2024 - DefTech: Technology Transforming Defence

techUK is pleased to announce our first Defence Campaign Week, running from 25-29 November 2024.

Find all insight here!

DefTech: Technology Transforming Defence - techUK Report Published

techUK’s Defence Programme has published a report looking at how Defence Technologies (DefTech) will revolutionise how the UK defends itself, but that means a change in how governments think about capabilities.

Read here

DefTech: Technology Transforming Defence – Campaign Week Launch

Launch for techUK’s first Defence Campaign Week with a keynote speech from NSSIF Managing Partner and Head of Investment Hugo Jammes and pitches from SME members.

Book now!


Defence Programme activities

The Defence programme works to help the UK’s defence technology sector align itself with the MOD. techUK members are able to navigate and better understand the UK Defence sector to successfully align their own investment and resources to take advantage of business opportunities. Visit the programme page here.

 

Upcoming events

Latest news and insights 

Learn more and get involved

 

Defence updates

Sign-up to get the latest updates and opportunities from our Defence programme.

 

 

Here are the five reasons you should join the Defence programme.

Learn about the value members get from our work.

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

 

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

Meet the team  

Fred Sugden

Fred Sugden

Associate Director, Defence and National Security, techUK

Fred is responsible for techUK's activities across the Defence and National Security sectors, working to provide members with access to key stakeholders across the Defence and National Security community. Before taking on the role of Associate Director for Defence and National Security, Fred joined techUK in 2018, working as the Programme Head for Defence at techUK, leading the organisation's engagement with the Ministry of Defence. Before joining techUK, he worked at ADS, the national trade association representing Aerospace, Defence, Security & Space companies in the UK.

Fred is responsible for techUK’s market engagement and policy development activities across the Defence and National Security sectors, working closely with various organisations within the Ministry of Defence, and across the wider National Security and Intelligence community. Fred works closely with many techUK member companies that have an interest in these sectors, and is responsible for the activities of techUK's senior Defence & Security Board. Working closely with techUK's Programme Head for Cyber Security, Fred oversees a broad range of activities for techUK members.

Outside of work, Fred's interests include football (a Watford FC fan) and skiing.

 

Email:
[email protected]
Phone:
07985 234 170

Read lessmore

Raya Tsolova

Senior Programme Manager, techUK

Raya Tsolova is a Programme Manager at techUK. 

Prior to joining techUK, Raya worked in Business Development for an expert network firm within the institutional investment space. Before this Raya spent a year in industry working for a tech start-up in London as part of their Growth team which included the formation and development of a 'Let's Talk Tech' podcast and involvement in London Tech Week. 

Raya has a degree in Politics and International Relations (Bsc Hons) from the University of Bath where she focused primarily on national security and counter-terrorism policies, centreing research on female-led terrorism and specific approaches to justice there. 

Outside of work, Raya's interests include baking, spin classes and true-crime Netflix shows! 

Email:
[email protected]
Phone:
07712630603

Read lessmore

Jeremy Wimble

Jeremy Wimble

Programme Manager, Defence, techUK

Jeremy manages techUK's defence programme, helping the UK's defence technology sector align itself with the Ministry of Defence - including Defence Digital, DE&S, innovation units and Frontline Commands - through a broad range of activities including private briefings and early market engagement events. It also supports the MOD as it procures new digital technologies.

Prior to joining techUK, from 2016-2024 Jeremy was International Security Programme Manager at the Royal United Services Institute (RUSI) coordinating research and impact activities for funders including the FCDO and US Department of Defense, as well as business development and strategy.

Jeremy has a MA in International Relations from the University of Birmingham and a BA (Hons) in Politics & Social Policy from Swansea University.

Email:
[email protected]

Read lessmore

Tracy Modha

Tracy Modha

Team Assistant - Markets, techUK

Tracy supports several areas at techUK, including Cyber Exchange, Cyber Security, Defence, Health and Social Care, Local Public Services, Nations and Regions and National Security.

Tracy joined techUK in March 2022, having worked in the education sector for 19 years, covering administration, research project support, IT support and event/training support. My most outstanding achievement has been running three very successful international conferences and over 300 training courses booked all over the globe!

Tracy has a great interest in tech. Gaming and computing have been a big part of her life, and now electric cars are an exciting look at the future. She has warmed to Alexa, even though it can sometimes be sassy!

Email:
[email protected]
Phone:
02073312000
Twitter:
@TracyModha,@TracyModha
Website:
www.techuk.org,www.techuk.org
LinkedIn:
https://www.linkedin.com/in/tracymodha83,https://www.linkedin.com/in/tracymodha83

Read lessmore

 

 

 

 

Authors

Rahul Tyagi

Rahul Tyagi

CEO & Founder, SECQAI