Securing Government data in the post-Quantum era

For governments and defense agencies, data sovereignty is paramount. The critical nature of their data – whether defense secrets, intellectual property, taxpayer information or even the electoral register – makes their communications a prime target for hackers looking for everything from financial gain to political influence.

The geographically distributed nature of national government infrastructure presents a wealth of cybersecurity challenges. Ageing systems are notoriously plagued by performance issues and become increasingly difficult to secure. As hacking becomes more sophisticated, the reliance on breach prevention technologies alone (such as firewalls) is insufficient to prevent unauthorized access to systems.

Governmental infrastructure is further complicated by the plethora of contracted agencies or businesses that are granted access to critical data and applications. Everyone from stationery suppliers to senior politicians are looking to gain remote access to the network and every access point is another point of weakness.

Long-term data protection is crucial

Government data not only needs to be protected from cyberattacks today, but for the lifetime of the data itself. Data retention policies vary widely across industry sectors, with public sector organizations typically expected to retain records for longer periods. For some government applications, this can extend to 50 years in the case of official secrets.

A cryptographically significant quantum computer, capable of cracking today’s public key encryption infrastructure, is still a few years away. However, the long useful lifespan of some sensitive data means it is especially vulnerable to a “hack now, decrypt later” attack.

The 5G security challenge

5G is being rolled out all over the world. Higher performance, speed, capacity of remote execution and lower latency give the promise of reaching new connectivity needs that will change the way we live and work.

5G networks are already becoming the default platform for mobile telephony and data. They are aiming to be the main network used to connect devices, from connected vehicles to Internet of Things. Public and private applications in the medical, critical infrastructure, military and transportation fields will use 5G, which means that human lives become dependent on the mobile network. Securing the fiber networks that underpin the technology against conventional and quantum attack should be the highest priority as, without proper security, the integrity of the network is compromised. 5G networks are especially vulnerable to large-scale consequences as the scalability of the attack vectors is unprecedented. Indeed, a single successful hack could affect millions of devices.

While 5G will not be controlled by governments, their role is of prime importance. As often in new technologies’ rollouts, governments are expected to lead the way through setting the standard and put regulations in place. As a public service, their responsibility is to provide guidance and to set ethical rules for machines to follow.

Quantum and classical technologies for future-proof data protection

Quantum Random Number Generation

Any cryptographic system is only as secure as the encryption keys it uses. The first step towards good data protection is therefore to start with good keys. The security of the keys is determined by the degree of randomness (entropy) used to generate them. For a source of genuine entropy, cryptographic systems are leveraging quantum random number generators, which rely on the non-deterministic character of quantum mechanics to generate entropy. Small and reliable QRNG chips are now available from ID Quantique, for all applications, including smart phones and IoT devices.

Quantum-Safe Encryption

High-assurance data encryption is the only fail-safe way to ensure sensitive information remains secure, even if it falls into the hands of unauthorized users. It represents today’s last line of defense. As the world enters the quantum computing era, government and commercial organizations alike must turn to next-gen quantum-safe encryption platforms combining high-assurance encryption hardware with quantum random number generation and networked Quantum Key Distribution wherever applicable. As standards for quantum-resistant algorithms emerge, encryption hardware will adapt to offer security professionals a hybrid solution featuring both classical and quantum-resistant variants. These crypto-agile solutions will be a key component of the data security roadmap as organizations enter the era of quantum computing.

Quantum Key Distribution

For the ultimate in long-term data protection, security professionals are turning to Quantum Key Distribution to deliver provably secure key exchange. Ideal today for LAN and MAN implementations, QKD will also offer WAN security in the future by leveraging quantum satellite networks to deliver global coverage. QKD is the only key exchange mechanism which can ensure long-lasting data sovereignty for today and tomorrow’s communications.

Early adopters

Recognizing the need to provide long-term data protection in the post-quantum computing age, some governments are pioneering the use of quantum technologies. Perhaps the most mature implementation to date is the QKD network built in China. The network now spans over 2,000km and connects four quantum metropolitan area networks in Shanghai, Jinan, Hefei and Beijing, plus a satellite link connecting two observatories.

South Korea is also a front-running country when it comes to quantum security. SK Broadband and ID Quantique have been selected to take part in two large-scale projects to future-proof the country’s digital security. The first one, as a part of the ‘Digital New Deal’ consists of building a pilot QKD infrastructure to enhance security across public, medical and industrial sectors. The second one, as part of the ‘National Convergence Project’, is the construction of the first nation-wide QKD network in Korea which will protect major areas of public networks with QKD technology on a section of up to 2000 kilometers. This will constitute the largest operational QKD network in the world outside of China and will secure the communications of 48 government organizations across the country.

Across Europe, the OpenQKD program, for which ID Quantique is the main QKD provider, has created several test beds for secure quantum communications applications. In addition, 25 EU Member States have signed the EuroQCI Declaration, agreeing to work together, with the Commission and with the support of the European Space Agency, towards the development of a quantum communication infrastructure covering the whole EU.

The Quantum Revolution is well on and governments worldwide are taking action to protect their digital sovereignty. Start planning now: contact us for more information about how you can start your quantum journey today.

Cookie	Duration	Description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
datatranscw-woocommerce-context-id	session	Description is currently not available.
datatranscw-woocommerce-context-key	session	Description is currently not available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.
wp11868	1 year	Marketing automation. Automatically sets cookie tracking when visitors engage through form submissions, clickthrough’s in email messages, and web pages containing the Act-On Beacon Tracker.