In developing tools and methods to safeguard data, government and industry technology leaders are constantly seeking out new sources of innovation. This, after all, is what we do. Sometimes, a potential breakthrough comes along that could make a transcendent level of impact in advancing both the speed and proficiency of technology, e.g. encryption. While the industry has much discovery ahead of it, quantum cryptography may very well emerge as a turning point in the history of cybersecurity.
So what exactly is quantum cryptography? As its name states, it is based upon the principles of quantum computing, which leverages quantum mechanics to calculate much more rapidly than modern machines. Specifically, it uses individual, subatomic particles – quantum bits, or qubits – as computing elements representing the traditional binary 0s and 1s. Then, through what’s called “superposition,” the technology combines the actions of states – in this case, the 1 and 0 – that would normally act independently, so that qubits swiftly process larger amounts of information.
In addition, via a concept called “entanglement,” it increases the exponential power of computing by causing intertwined qubits to behave as one system. Regardless of distance, the intertwined qubits will exhibit the same properties, with the measured value of one qubit determining the value of the second, entangled one.
The upshot: Computing speed could accelerate by literally a billion-fold, with the potential for major advancements in technology, science, health, finance and other industries/areas. This includes cryptography, by creating nearly unbreakable cryptosystems much more quickly than modern ones, which are often at risk of getting cracked.
Simply stated, quantum cryptography is based upon “quantum key distribution,” or QKD, while taking advantage of the “no change theory,” which dictates that no quantum presence can be interrupted without the interruption being detected: Photon particles generate encryption keys through their properties. To break the key and steal the message inside, hackers have to measure the particles. But, by doing so, they alter the particles’ behavior, sending an alert that the hackers have compromised the key, thus rendering it unusable. Because the entanglement concept is in play, two particles in a QKD could exist far from each other. Yet, if an adversary tries to measure one, the other will react, therefore exposing the adversary.
For federal IT decision-makers, the value proposition appears very promising. From the Department of Defense to the Intelligence Community and many other corridors of our government, agencies compile and store massive volumes of highly classified and even top secret data. If quantum cryptography makes it a hundred times more difficult – or an improvement of exponentially more profound impact – for “bad guys” to crack systems and steal the data, then these decision-makers have a duty as public servants to seriously explore and invest in this technology.
As they pursue quantum cryptography in interest of what could amount to the ultimate defense of sensitive, classified data, agencies should strongly consider the following, suggested best practices:
Begin with a quantum hybrid approach. As the saying goes, we must walk before we run. A combination of traditional cybersecurity approaches and tools with quantum cryptography would make for a smoother, more readily achievable transition, i.e., breaking up it up into “smaller steps” in which “familiar ways” are never entirely discarded.
These are positive steps, especially if they lead to opportunities in which agency, academic and industry leaders will work closely together on quantum cryptography. Commercial participation will prove essential, given that industry innovation “moves fast” and we will need to advance at a pace which exceeds that of our adversaries.
Designate – and empower – authority to make this happen. We need to create a body with authoritative powers put in place to ensure the development of quantum cryptography follows a predetermined timetable and roadmap, and does not get stalled or otherwise derailed by bureaucratic interference, political maneuvering, etc. To reinforce this, government leaders should appoint a roundtable of expert advisors from the public, private and academic sectors – experts who are knowledgeable enough to drive relevant, beneficial outcomes while staying on track of targeted timetable and roadmap milestones.
For many of us, cybersecurity isn’t simply our chosen career. It is a passion. A wealth of innovations, which we now take for granted, would never exist without this fully engaged spirit of “what if?” exploration and discovery. Only time will tell whether quantum cryptography lives up to our hope-inspired vision. But we will not get there without full and focused commitment and collaboration on the part of our government, academic and industry leaders and thinkers. By identifying what’s needed during the journey – and supporting the investment of the people and funding required to move ahead – we can look forward to what the eventual destination brings.
Seli Agbolosu-Amison is a cybersecurity data scientist at NetCentrics.