Agile Cryptography for Telecommunications

February 27, 2023

Quantum technologies may have a profound impact on the telecommunications industry, from improving the speed, fidelity and integrity of wired or satellite communications to creating the next-generation Quantum Internet and more. In the meantime, however, telecommunications providers are both a prime target and a critical first line of defense against emerging quantum threats. That’s because when fault-tolerant quantum computers are finally available, they are expected to break the existing Public-Key Encryption (PKE) standards that have been in place for nearly 50 years, exposing sensitive government, business and personal data, communications and transactions on an unprecedented scale.

SandboxAQ leverages the compound effects of AI+Quantum technologies (AQ) to help some of the largest communication companies solve these quantum-related challenges today – years before fault-tolerant quantum computers become available.

The Rising Cyberthreat to Telecommunications

Due to the volume of sensitive data that travel across their networks, cyberattacks on telecom providers are increasing. For example, a Q3 2022 report from security provider Lumen indicated that telecommunications is the top industry targeted in the largest 500 attacks. They also reported a 21% increase in attacks over the prior quarter.

In 2021, a report from the U.S. National Security Telecommunications Advisory Committee noted that replacing dedicated routers and switches with software-defined networking (SDN), application programming interfaces (APIs), and networking function virtualization (NFVs) has contributed to greater network resiliency, but certain aspects of these improvements make networks more vulnerable to new quantum threats – some of which are happening right now.

Although quantum computers are still many years away from commercial use, adversaries have already initiated Store Now, Decrypt Later (SNDL) attacks, acquiring and storing encrypted data until quantum computers become available to decrypt it. This can be done via direct network penetration (via hacking, social engineering, etc.) or by siphoning data in transit via a compromised node or vulnerable VPN, SD-WAN or SDN. Once encrypted data has been stolen, it can no longer be protected, and its exposure could negatively impact customers for many years to come.

A New Era in Cybersecurity

To protect against SNDL, telecommunications companies need to inventory their entire IT infrastructure, including hardware, firmware, and software, to identify where quantum-vulnerable protocols are used and upgrade them to quantum-resistant protocols.

For the past six years, the National Institute of Standards and Technology (NIST) has been working with a consortium of cryptologists and mathematicians from 25 countries to develop new quantum-resistant algorithms that will become the new global encryption standard. Last July, NIST unveiled four candidate algorithms and several alternates that are still being evaluated for standardization. 

Getting Started

After an initial discovery process, which could take months or years, depending on network size and complexity, CIOs and CISOs will have a better understanding of their cybersecurity posture and can decide what areas to prioritize for migration to the new standards – starting with the most vulnerable data and critical systems. The key is to begin the discovery process immediately. 

The next step would be to evaluate the impact that these new algorithms will have on network performance. Finding a balance between network security and performance is a major concern for telecom providers, and our Security Suite has tools that can help providers test and evaluate NIST’s algorithms against existing performance benchmarks.

Another major concern is regulatory compliance. Completely replacing a provider’s existing cyber architecture with new protocols could result in non-compliance. As such, many providers will opt for a hybrid cybersecurity architecture – combining newer algorithms with traditional RSA/ECC protocols to ensure continued compliance with existing government regulations and to protect against both classical and quantum-related threats. 

Maintaining the highest level of threat protection in a hybrid cybersecurity architecture will require cryptographic agility — the ability to encapsulate cryptographic primitives or algorithms, making it easy to switch and replace these primitives as new standards and threats emerge. Our Security Suite has tools to help telecom providers manage their new cryptographic architecture while giving them full sovereignty over their encryption methods, so that they can stay up-to-date as standards and protocols continue to evolve.
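The sketch below is an added example, not code from SandboxAQ's Security Suite: it shows the two ideas above in miniature, a hybrid suite that needs both a traditional and a newer primitive to verify, and a policy layer that lets the accepted suites change without touching callers. All names (`Policy`, `protect`, `verify`, `migrate`, the suite ids) are hypothetical, and two HMAC variants stand in for the real classical and post-quantum algorithms.

```python
import hashlib
import hmac

# Stand-in primitives (assumption): two keyed MACs play the "traditional" and
# "newer" algorithm; Python's standard library ships no post-quantum scheme.
def _mac(digest):
    return lambda key, msg: hmac.new(key, msg, digest).digest()

PRIMITIVES = {"classic": _mac(hashlib.sha256), "next": _mac(hashlib.sha512)}
# A suite names one or more primitives; a hybrid suite needs all of them to pass.
SUITES = {"classic-v1": ("classic",), "hybrid-v1": ("classic", "next")}
# Constructed sample keys, one per primitive.
KEYS = {"classic": b"k1" * 16, "next": b"k2" * 32}

class Policy:
    """Suite used for new data, plus the suites still accepted on verify."""
    def __init__(self, current, accepted):
        self.current, self.accepted = current, frozenset(accepted)

def _tags(suite, keys, msg):
    # Bind the suite id into the authenticated data so that stripping a
    # hybrid envelope down to its classical tag does not verify.
    data = suite.encode() + b"\x00" + msg
    return [PRIMITIVES[p](keys[p], data) for p in SUITES[suite]]

def protect(policy, keys, msg):
    """Build an envelope that records its suite so it can be replaced later."""
    suite = policy.current
    return {"suite": suite, "msg": msg, "tags": _tags(suite, keys, msg)}

def verify(policy, keys, env):
    """Reject unknown or retired suites, then require every tag to match."""
    suite = env.get("suite")
    if suite not in SUITES or suite not in policy.accepted:
        return False
    expected, tags = _tags(suite, keys, env["msg"]), env.get("tags", [])
    if len(tags) != len(expected):
        return False
    return all([hmac.compare_digest(e, t) for e, t in zip(expected, tags)])

def migrate(old_policy, new_policy, keys, env):
    """Verify under the old policy, then re-protect under the new one."""
    if not verify(old_policy, keys, env):
        raise ValueError("envelope rejected by the old policy")
    return protect(new_policy, keys, env["msg"])

if __name__ == "__main__":
    legacy = Policy("classic-v1", {"classic-v1"})
    transition = Policy("hybrid-v1", {"classic-v1", "hybrid-v1"})
    env = migrate(legacy, transition, KEYS, protect(legacy, KEYS, b"sample"))
    print(env["suite"], verify(transition, KEYS, env))
```

Retiring the classical-only suite is then a policy change (drop it from `accepted`) rather than a code change in every caller.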

Take Action Now

Migrating to cryptographic agility entails an unprecedented, generational change of global cybersecurity architecture. The process will take years to complete and require significant resources to ensure the security of the government, business and personal data that traverses telecom networks. For smaller businesses that are not equipped for full-scale crypto-agile implementations, their telecommunications provider might be their only line of defense against quantum threats.

According to the Department of Homeland Security transition roadmap, harvested data could be decrypted as early as 2030. If so, any encrypted data acquired by adversaries today will have a maximum confidentiality period of eight years. If an organization doesn’t complete its cryptographic migration until 2026, the confidentiality period of all data acquired before the transition will be just four years. 

Because of the enormous implications of threats like SNDL, providers must begin planning crypto-agile migration strategies now to protect customer data, intellectual property, and other valuable assets, while reducing regulatory risk and exposure. Forward-looking providers that have already begun the migration process stand to reap enormous benefits by offering value-added security services or differentiating themselves by offering the reassurance of quantum-resistant networks with the latest cryptographic protocols.

Available Resources

Without a doubt, implementing crypto-agility will be time-consuming and costly, depending on the size and complexity of the network, its security and regulatory requirements and other factors. To facilitate this, SandboxAQ has forged strategic alliances with two Global System Integrators – Deloitte and EY – that have both quantum and cybersecurity domain expertise, acute knowledge of the ever-evolving regulatory landscape, and experience in executing complex IT transformations at scale. These firms can advise telecom providers on other AQ technologies that could expand their services, provide a better customer experience and give them a competitive edge.

Another great resource for information is NIST’s National Cybersecurity Center of Excellence (NCCoE), where organizations can find and share business insights, technical expertise, and challenges via a variety of Communities of Interest. SandboxAQ was selected by NIST as one of only 17 technology collaborators for the NCCoE, and we’re helping the government to initiate the development of practices to ease migration from current public-key cryptography algorithms to replacement algorithms.

For organizations that are still researching their options, several of SandboxAQ’s cryptography and cybersecurity experts wrote an insightful white paper titled, “Transitioning Organizations to Post-Quantum Cryptography,” which was published in Nature, the world’s foremost international scientific journal. The paper outlines current and future quantum-related threats, steps organizations need to take to become quantum-resistant and crypto-agile, and other helpful information. We encourage you to read this and contact us with any questions you may have.

Regardless of which vendor, partner or technology approach telecom providers choose, one thing is certain: the longer they wait, the greater the risk to their organization and customers. That’s why it’s imperative that telecommunication providers begin the process of migrating to cryptographic agility as soon as possible.