How federal agencies can unleash the power of quantum cryptography

In developing tools and methods to safeguard data, government and industry technology leaders are constantly seeking out new sources of innovation. This, after all, is what we do. Sometimes, a potential breakthrough comes along that could make a transcendent level of impact in advancing both the speed and proficiency of technology, e.g. encryption. While the industry has much discovery ahead of it, quantum cryptography may very well emerge as a turning point in the history of cybersecurity.

So what exactly is quantum cryptography? As its name states, it is based upon the principles of quantum computing, which leverages quantum mechanics to calculate much more rapidly than modern machines. Specifically, it uses individual, subatomic particles – quantum bits, or qubits – as computing elements representing the traditional binary 0s and 1s. Then, through what’s called “superposition,” the technology combines the actions of states – in this case, the 1 and 0 – that would normally act independently, so that qubits swiftly process larger amounts of information.

In addition, via a concept called “entanglement,” it increases the exponential power of computing by causing intertwined qubits to behave as one system. Regardless of distance, the intertwined qubits will exhibit the same properties, with the measured value of one qubit determining the value of the second, entangled one.

The upshot: Computing speed could accelerate by literally a billion-fold, with the potential for major advancements in technology, science, health, finance and other industries/areas. This includes cryptography, by creating nearly unbreakable cryptosystems much more quickly than modern ones, which are often at risk of getting cracked.

Advertisement

Simply stated, quantum cryptography is based upon “quantum key distribution,” or QKD, while taking advantage of the “no change theory,” which dictates that no quantum presence can be interrupted without the interruption being detected: Photon particles generate encryption keys through their properties. To break the key and steal the message inside, hackers have to measure the particles. But, by doing so, they alter the particles’ behavior, sending an alert that the hackers have compromised the key, thus rendering it unusable. Because the entanglement concept is in play, two particles in a QKD could exist far from each other. Yet, if an adversary tries to measure one, the other will react, therefore exposing the adversary.

In light of today’s increasingly complex and frequent cyber attacks, interest in quantum cryptography is on the rise, and the market for these technologies will grow to $1.2 billion by 2023, up from $328 million last year, according to a projection from TechSci Research.

For federal IT decision-makers, the value proposition appears very promising. From the Department of Defense to the Intelligence Community and many other corridors of our government, agencies compile and store massive volumes of highly classified and even top secret data. If quantum cryptography makes it a hundred times more difficult – or an improvement of exponentially more profound impact – for “bad guys” to crack systems and steal the data, then these decision-makers have a duty as public servants to seriously explore and invest in this technology.

In doing so, they are sure to encounter bumps along the way: With the technology currently at its most initial stages globally, researchers are testing it in very short intervals, making this an infrastructure problem. These intervals are too limited to cover the vast range of distance required for mainstream practical purposes. Further, even if long distance testing is even achieved, QKD error related issues such as – decrease in key distribution rate, loss quantum signal in quantum channels, high bit error rates during quantum distribution etc., could be major limitations.

As they pursue quantum cryptography in interest of what could amount to the ultimate defense of sensitive, classified data, agencies should strongly consider the following, suggested best practices:

Begin with a quantum hybrid approach. As the saying goes, we must walk before we run. A combination of traditional cybersecurity approaches and tools with quantum cryptography would make for a smoother, more readily achievable transition, i.e., breaking up it up into “smaller steps” in which “familiar ways” are never entirely discarded.

Embrace industry-government collaboration. In terms of practical usage, quantum computing is still relatively new and unknown. The government is really only starting to examine the possibilities here. Just this past June, the White House announced that the Office of Science and Technology Policy (OSTP) will launch a quantum information science subcommittee within the National Science and Technology Council (NSTC) to encourage these initiatives. Then, in July, the Defense Advanced Research Projects Agency (DARPA) asked the private sector and academic technology communities to provide input on the possible impact of quantum computing in areas of interest such as AI/machine learning, physical systems and data analytics.

These are positive steps, especially if they lead to opportunities in which agency, academic and industry leaders will work closely together on quantum cryptography. Commercial participation will prove essential, given that industry innovation “moves fast” and we will need to advance at a pace which exceeds that of our adversaries.

Designate – and empower – authority to make this happen. We need to create a body with authoritative powers put in place to ensure the development of quantum cryptography follows a predetermined timetable and roadmap, and does not get stalled or otherwise derailed by bureaucratic interference, political maneuvering, etc. To reinforce this, government leaders should appoint a roundtable of expert advisors from the public, private and academic sectors – experts who are knowledgeable enough to drive relevant, beneficial outcomes while staying on track of targeted timetable and roadmap milestones.

For many of us, cybersecurity isn’t simply our chosen career. It is a passion. A wealth of innovations, which we now take for granted, would never exist without this fully engaged spirit of “what if?” exploration and discovery. Only time will tell whether quantum cryptography lives up to our hope-inspired vision. But we will not get there without full and focused commitment and collaboration on the part of our government, academic and industry leaders and thinkers. By identifying what’s needed during the journey – and supporting the investment of the people and funding required to move ahead – we can look forward to what the eventual destination brings.

Seli Agbolosu-Amison is a cybersecurity data scientist at NetCentrics.

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.