Remember Y2K? Brace for Y2Q, when public encryption keys can be hacked

Share this:
PHOTO: Karol D via Pexels

Cybersecurity experts are pondering an emerging challenge known as Years To Quantum, or Y2Q, which is when quantum computers develop to the point where they can break widely used public encryption keys.

With the keys, hackers can access banks, hospitals, transportation systems or any other critical infrastructure to wreak damage, said Shisir Singh, chief technology officer of BlackBerry.

Y2Q is keeping Singh awake at night because it is a cyber catastrophe waiting to happen. “The encryption algorithms used in the public encryption keys are very weak. They have been around for 15-20 years. Some one will try to break them.”

The implications of Y2Q are many, but the chief concern is the increased vulnerability it brings to smart cities like Singapore. The interconnected digital infrastructure of smart cities means that a hack on part of the system can have a cascading impact on the entire infrastructure.

Said Singh: “Like Y2K, which took the industry more than five years and US$100 billion to fix, solving the Y2Q is going to take time, because replacing cryptography is much more difficult than adding a couple of digits to a date field.”

“In fact, experience tells us it could take even longer, cost much more money, and a whole of industry effort to solve,” he added.

There have been many reports around the world about the looming threat posed by Y2Q. Estimations of when Y2Q will hit varies between 2024 and 2030.

From a government’s point of view, Singh said that “a regulatory framework like standardising post-quantum cryptography can be imposed to ensure critical parts of the economy are quantum ready”.

Governments together with the tech industry should consider ways of taking pre-emptive steps to safeguard their cryptosystems, he added.

Singh was in Singapore on October 12 to attend Cyber Security World Asia, a two-day expo held at Marina Bay Sands.

He also pointed out that the Covid-19 pandemic have resulted in organisations facing unprecedented cybersecurity challenges.

The emerging Work From Anywhere (WFA) trend, increasing cloud adoption and popularity of software-as-a-service solutions pose cybersecurity headaches for organisations.

In the WFA trend, workers are using their homes, cafes and other public places as remote offices. But these places are not ready to be branch offices, said Singh, and they have no firewalls and little or no Internet security.

This is paradise for hackers because they can easily hack into workers’ devices and networks to steal identities and passwords which, in turn, can be used to access corporate infrastructure and steal intellectual property, money or other critical information.

Organisations are also using a multitude of security solutions to monitor network activity and detect illegal intrusions. The result is that a lot of data is collected. But the data is not “talking the same language” making it difficult for cybersecurity professionals to make sense of the data.

Exacerbating these challenges is the popularity of cloud adoption and software-as-a-service solutions which have opened up a torrent of Internet traffic on networks and increased the attack surface for hackers.

Hence the importance of artificial intelligence and machine learning to help make sense of the humongous amount of data that is being collected today by security solutions.

The AI and ML systems can sieve out the “noise” – the unimportant information that makes up the majority of the data stream – and only pick out a small part that matters to organisations.

The small part comprises the suspicious network activity and user patterns that could pose as cyber threats.

Cybersecurity professionals can then deal with the data that matters, undertaking the analysis and taking follow-up action. Previously, cybersecurity professionals have to play catch up all the time, Singh explained.

To identify the potential threats from the humongous data stream could take days which means that emerging threats often could go undetected.

BlackBerry has been training its artificial intelligence (AI) and machine learning (ML) systems from the telemetry collected by nearly 500 million end points where its security software is running. With the training, AI and ML systems can sieve out the “noise” and identify the suspicious activity.

To prepare customers for the next generation of cyber threats, Blackberry is also offering a zero-trust policy framework.

This is about secured connectivity for managed devices which are trying to access data from the data centres or cloud services, said Singh.

“It is a very stringent framework where the network is continuously monitored based on user behaviour based analysis and threat protection and data protection,” he added.

During the pandemic, he noted that “there was a 630 per cent increase in illegal cyber activity in the last two years”.

Search this website