Looking Beyond the Horizon: Managing and Exploiting Data in the Quantum Age
Guest blog by Rahul Tyagi, CEO at SECQAI #DefTechWeek
The digital age is transforming how we live and work, but it also brings increasing risks to our cyber landscape. Cyberattacks are not just becoming more frequent; they're also growing in sophistication.
From data breaches to ransomware, the threats to our digital infrastructure are at an all-time high. This escalation necessitates a proactive approach in defending against these attacks while needing to think several steps ahead. As we approach the dawn of quantum computing, understanding its implications is crucial for securing our future.
A Revolutionary Industry
Quantum computing represents a seismic shift in computational power, harnessing the principles of quantum mechanics to perform complex calculations exponentially faster than classical computers. At its core, quantum computing uses qubits, which can exist in multiple states simultaneously thanks to superposition and interact in unique ways due to entanglement.
This revolutionary technology promises to solve problems once thought to insurmountable, from drug discovery to climate modelling. Major tech companies and Governments are investing heavily in quantum research, signalling its imminent impact. However, with great power comes great responsibility, especially in cybersecurity.
What Quantum Means for Cyberattacks
The advent of quantum computing poses a significant threat to current encryption methods, which are the bedrock of modern cybersecurity. Today's encryption algorithms, such as RSA and ECC, depend on the complexity of factoring large numbers or solving discrete logarithms - tasks that quantum computers could accomplish in a fraction of the time. This shift means that many existing encryption methods could become obsolete, leaving sensitive data vulnerable to new types of cyberattacks.
In a post-quantum world, the nature of cyber threats could evolve dramatically. Quantum computing could enable malicious actors to break encryption codes, access confidential information, and disrupt critical infrastructure. This potential future underscores the urgency of developing quantum-resistant cryptographic algorithms and integrating them into our current security frameworks. Both the private sector and governments must work together to mitigate these risks and transition to a quantum-secure landscape.
The Smart Meter Threat
Amidst the quantum conversation, it's crucial to consider devices which could become a threat, for example Smart Meters. These devices are now commonplace in our homes, providing real-time monitoring of energy usage. However, many of these meters are being replaced without sufficient security measures, exposing critical vulnerabilities in infrastructures.
Research by the National Cyber Security Centre (NCSC) highlights certain security characteristics of the GB smart metering system designed to protect against conventional cyber threats. However, according to a uSwitch study on Smart Meter statistics in 2024, the integration of quantum encryption is still in its early stages and does not fully address quantum threats. Honeywell's efforts in leveraging quantum encryption for data security are steps in the right direction but fall short of addressing the fundamental problem posed by quantum computing.
Ensuring the security of smart meters is essential as they are part of the critical infrastructure. These devices collect vast amounts of data, and any breach could lead to widespread disruptions. Incorporating quantum-resistant security measures into smart meters will be a crucial step in safeguarding this data and maintaining the reliability of our energy systems.
Securing our Energy
Energy grids are vital components of our national infrastructure, and their security ensures stability in our daily lives. With quantum computing on the horizon, robust security measures are more urgent than ever. A promising approach to safeguarding this critical infrastructure is CHERI (Capability Hardware Enhanced RISC Instructions) technology, developed by the University of Cambridge and SRI (Scientific Reseach Institute) International, and endorsed by the National Cyber Security Centre (NCSC).
CHERI's architecture enhances memory safety by providing fine-grained control over pointers, known as "capabilities". These capabilities enforce bounds on memory regions that pointers can access, helping to prevent vulnerabilities like buffer overflows and use-after-free errors by ensuring that pointers cannot stray outside of designated memory areas.
Integrating CHERI into hardware is advantageous for critical infrastructure like energy grids, which are increasingly targeted in cyberattacks, as has the power to thwart many attack vectors, making it difficult for adversaries to exploit system vulnerabilities.
Hardware-based memory safety at this level also helps ensure that many classes of software vulnerabilities can be mitigated at the lowest level, which boosts resilience against a range of potential exploits. Additionally, this hardware-based approach can do so with minimal performance overhead, supporting efficient operation in power-sensitive contexts such as grid infrastructure.
CHERI not only reduces the risk of outages but can future-proof energy grids against quantum threats, ensuring these critical systems are prepared for future quantum-enabled attacks. So, why are we not using this already?
The potential of CHERI to transform the security landscape of our energy grids is immense, yet adoption has been slower than anticipated. A lack of awareness about its capabilities and the significant upfront investment and operational changes may play a role in this hesitancy. However, the long-term benefits of enhanced security, reliability, and resilience far outweigh these initial challenges.
Looking Ahead: Future Actions for Businesses and Governments
To stay ahead of the curve in the quantum age, businesses and governments must take proactive measures to manage and exploit data securely. Here are some key actions to consider:
- Invest in Quantum-Resistant Cryptography: Begin transitioning to quantum-resistant cryptographic algorithms. Engage with cybersecurity experts and invest in research to develop and implement these new standards.
- Strengthen Security Frameworks: Enhance current security protocols to include quantum resilience. Regularly update and patch systems to address any vulnerabilities that may arise.
- Educate and Train: Foster a culture of cybersecurity awareness and education. Provide training for staff at all levels to understand the implications of quantum computing on security and data management.
- Collaborate and Innovate: Encourage collaboration between the private sector, academia, and government agencies to stay informed about the latest developments in quantum computing and cybersecurity.
- Regulatory Readiness: Governments should work towards establishing regulations that mandate the adoption of quantum-safe technologies and practices. This includes setting timelines and guidelines for transitioning to new cryptographic standards.
The emergence of quantum computing is a double-edged sword. It offers immense potential, while also posing significant security challenges.
By looking beyond, the horizon and thinking two steps ahead, we can better prepare for a post-quantum world. Managing and exploiting data securely will require a concerted effort from businesses, governments, and the cybersecurity community. As we navigate this transformative period, it is essential to remain vigilant, innovative, and collaborative to ensure a secure digital future.
Defence Programme activities
The Defence programme works to help the UK’s defence technology sector align itself with the MOD. techUK members are able to navigate and better understand the UK Defence sector to successfully align their own investment and resources to take advantage of business opportunities. Visit the programme page here.
Upcoming events
Latest news and insights
Learn more and get involved
Defence updates
Sign-up to get the latest updates and opportunities from our Defence programme.
Meet the team
Fred Sugden
Associate Director, Defence and National Security, techUK
Fred is responsible for techUK's activities across the Defence and National Security sectors, working to provide members with access to key stakeholders across the Defence and National Security community. Before taking on the role of Associate Director for Defence and National Security, Fred joined techUK in 2018, working as the Programme Head for Defence at techUK, leading the organisation's engagement with the Ministry of Defence. Before joining techUK, he worked at ADS, the national trade association representing Aerospace, Defence, Security & Space companies in the UK.
Fred is responsible for techUK’s market engagement and policy development activities across the Defence and National Security sectors, working closely with various organisations within the Ministry of Defence, and across the wider National Security and Intelligence community. Fred works closely with many techUK member companies that have an interest in these sectors, and is responsible for the activities of techUK's senior Defence & Security Board. Working closely with techUK's Programme Head for Cyber Security, Fred oversees a broad range of activities for techUK members.
Outside of work, Fred's interests include football (a Watford FC fan) and skiing.
- Email:
- [email protected]
- Phone:
- 07985 234 170
Read lessmore
Raya Tsolova
Senior Programme Manager, techUK
Raya Tsolova is a Programme Manager at techUK.
Prior to joining techUK, Raya worked in Business Development for an expert network firm within the institutional investment space. Before this Raya spent a year in industry working for a tech start-up in London as part of their Growth team which included the formation and development of a 'Let's Talk Tech' podcast and involvement in London Tech Week.
Raya has a degree in Politics and International Relations (Bsc Hons) from the University of Bath where she focused primarily on national security and counter-terrorism policies, centreing research on female-led terrorism and specific approaches to justice there.
Outside of work, Raya's interests include baking, spin classes and true-crime Netflix shows!
- Email:
- [email protected]
- Phone:
- 07712630603
Read lessmore
Jeremy Wimble
Programme Manager, Defence, techUK
Jeremy manages techUK's defence programme, helping the UK's defence technology sector align itself with the Ministry of Defence - including Defence Digital, DE&S, innovation units and Frontline Commands - through a broad range of activities including private briefings and early market engagement events. It also supports the MOD as it procures new digital technologies.
Prior to joining techUK, from 2016-2024 Jeremy was International Security Programme Manager at the Royal United Services Institute (RUSI) coordinating research and impact activities for funders including the FCDO and US Department of Defense, as well as business development and strategy.
Jeremy has a MA in International Relations from the University of Birmingham and a BA (Hons) in Politics & Social Policy from Swansea University.
- Email:
- [email protected]
Read lessmore
Tracy Modha
Team Assistant - Markets, techUK
Tracy supports several areas at techUK, including Cyber Exchange, Cyber Security, Defence, Health and Social Care, Local Public Services, Nations and Regions and National Security.
Authors
Rahul Tyagi
CEO & Founder, SECQAI