Here’s why enterprises and governments should prepare for Q-Day
By Chris Johnson
9 October 2023
In today’s hyper-connected world, as enterprises and governments accelerate digital transformation to boost the efficiency, sustainability, and safety of their operations, they must also ensure they are leveraging the best available safeguards to protect against digital-era cyberattacks.
Digitalization promises industries vast improvements and efficiencies that are simply too good to pass up, including substantial benefits for mission-critical industries. As these digital evolutions take place, new opportunities for cyberattacks will emerge – this is often referred to as an expanded attack surface. For example, as power utilities incorporate new and varied sustainable power sources into their grid and rely more on digital tools for automation, monitoring and management, they too increase their attack surface.
Data breaches are often accompanied by heavy fines and ransom payments, and even more difficult-to-measure costs, such as loss of consumer trust and impact on brand reputation. When we couple this with the fact that Cybercriminals often target human-critical systems to disrupt our everyday lives – such as the mission-critical networks that support power grids and utilities, public safety, healthcare, financial systems, education, transportation, and other societal services, many organizations expect it is not a question of ‘if’, but ‘when’ they will be targeted.
In 2022 in the US, the FBI, NSA, Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) warned that major US utilities were targeted in state-sponsored hacking attempts. Critical infrastructure sectors such as utilities and transportation are also closely linked to a country’s economy which compounds the impact of these attacks.
Logistics companies too are feeling the pressure as they implement more digital initiatives. Earlier this year, international post in the UK was disrupted for days when Royal Mail was targeted by ransomware. Governments and public safety agencies are also at risk and often a prime target for bad actors. Just recently, Japan’s agency for defense against cyberattacks was found to be infiltrated, an attack that lasted nine months before the incident was discovered. And just this month, the personal details of UK Police officers in Greater Manchester were hacked in a ransomware attack.
Attacking at Quantum Speed
Today’s encryption methods are designed to protect conventional computers but what happens when attackers have access to more powerful capabilities?
Governments and research organizations are investing in quantum computing to address sustainability, defense, climate change and other societal challenges.
Enterprises are now using it too. Mercedes Benz is shaping the future of electric vehicles; US banks are running advanced financial computations, and it was used to accelerate the study of COVID treatments. The mining and oil and gas industries can leverage the output of quantum computing studies to more accurately research where to drill successfully, and power utilities can gain a greater understanding of weather patterns and the impact of climate change and storms on their grid performance. Medical researchers are looking to quantum computing to accelerate treatments and drug development for conditions ranging from cancer to Alzheimer's.
The potential to use quantum computing for good appears to be limitless and progress demands that we leverage its capabilities. However, when bad actors use it to do harm, quantum-speed problem solving could rapidly become quantum-speed cyberattacks. This will require a cryptographically relevant quantum computer (CRQC), which carries with it the capability and potential to impact economies, disrupt critical research or worse, endanger lives. Cybercriminals could hijack millions of connected IoT devices to create distributed denial of service (DDoS) botnets that flood IP and optical networks with terabits of data and hundreds of millions of packets per second.
Cryptographically relevant quantum computers (CRQC) haven’t arrived yet, but as technology advances, allowing us to achieve more, we are also moving ever closer to what is being termed ‘Q-Day’, the day a CRQC is developed and can break most of today’s public key encryption algorithms.
Many experts predict this day could arrive by 2030 – or sooner. Another commonly held belief is that bad actors are not waiting for the arrival of a CRQC, they’re preparing by harvesting data now and storing it to decrypt it on Q-Day in a mass attack.
Preparing enterprises and governments for Q-Day with a secure, defense-in-depth, quantum-safe networking approach
So, if cyber criminals are preparing, then shouldn’t critical industries too? We must prepare critical networks for the threat now. It takes time and careful, expert work to upgrade and modernize these networks. In August 2023, the US CISR, NSA and NIST organizations prepared a brief on Quantum-readiness providing guidance to critical industries, and technology vendors.
This will require network modernization, taking a multi-layer approach from optical core to edge, and everywhere in between. This makes it possible to expand the scope of quantum-safe protection beyond the optical core to the IP edge and application layer, and to effectively encrypt in-flight network data according to the transmission and network infrastructure.
Quantum safe networking is nothing new for Nokia. We’ve embedded advanced cybersecurity protection and quantum-safe encryption into our zero-trust-driven IP and optical technologies for years.
Our IP/MPLS routing and optical switching networks meet the highest level of security required for mission-critical public safety communications, power utility grids, transport infrastructure, logistics networks and more. That means we are already contributing to the protection of our enterprise and government customers against ‘harvest now, decrypt later’ attacks and preparing them for the advent of Q-day.
About Chris Johnson
Chris Johnson is the Senior Vice President and Global Head of Enterprise at Nokia. A veteran sales and business leader, Chris focuses on delivering critical network solutions for the world's most essential industries.
At Nokia, we create technology that helps the world act together.
As a B2B technology innovation leader, we are pioneering networks that sense, think, and act by leveraging our work across mobile, fixed and cloud networks. In addition, we create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs.
Service providers, enterprises and partners worldwide trust Nokia to deliver secure, reliable and sustainable networks today – and work with us to create the digital services and applications of the future.
Nokia Communications, Corporate