TACOMA, WASH. — If the prospect of a quantum computer capable of cutting through most existing cybersecurity systems like a knife through butter sounds like something from a super-hero movie, think again.
It’s not a matter of “if” but “when,” according to experts in cryptography who use coding techniques to prevent hackers from wreaking havoc in our computer systems.
“I’ve been researching post-quantum cryptography for years, finding ways to protect against a threat that doesn’t yet exist,” says Anderson Nascimento, an assistant professor of computer science at UW Tacoma’s Institute of Technology and a leading expert in the field of post-quantum cryptography. “Some of my colleagues teased me about it until the NSA released a whitepaper this year calling for a post-quantum cryptography standard to be considered for implementation.”
The future of cybersecurity and related debates over privacy vs. security will be the featured topics at UW Tacoma’s Second Annual Northwest Cybersecurity Symposium May 5, 9 a.m. to 1:30 p.m., where cybersecurity researchers, industry leaders and students come together to explore the increasingly complex and multidimensional world of cybersecurity.
“While this is a topic that seems ’down the road,’ technology moves at an ever increasing rate. It is never too early to plan for significant leaps like that which quantum computing promises,” says Janine Terrano, CEO of Topia Technology. “We are so fortunate to have UW Tacoma out front on this and for their researchers’ ability to support industry as we prepare for this shift.”
While scientists race to develop both quantum computing and cryptography capable of stopping a quantum computer at the front door, a debate rages within industry and government leaders about whether to have a back door available for surveillance and investigations to protect us from bad actors. These topics will intertwine at the symposium sponsored by UW Tacoma’s Institute of Technology.
An article in the April issue of Forbes Magazine says the race is on between those trying to build a quantum computer and those creating the cryptography to withstand one. The article, written by Jeff McMahon, says “most major technology companies have a quantum information program striving to develop a quantum computer. Google is working on one using a superconducting chip. Australia, Europe, Japan and China have national programs.”
Meanwhile, scientists like Nascimento and his colleagues at the Institute of Technology are part of an international cadre of researchers developing post-quantum cryptography. One of the challenges is establishing a standard, an agreed-upon level of protection that will work.
“We don’t expect a quantum computer to come on the scene anytime soon, so we feel we have time to get ready. Our approach will be to add components to reach the post-quantum standard, building on what exists, which means some of the challenges inherent in today’s cryptography will continue as the technology evolves,” says Nascimento. “I think practitioners will appreciate having a clearer picture of what is coming down the road.”
The symposium, called “Next-Gen Cybersecurity: Are you ready for post-quantum cryptography,” features panels of leading researchers and industry experts from Microsoft, Intel and Northwest National Labs who will dissect the issues and foreshadow what’s to come.
The panel discussing cryptography includes Dr. Neal Koblitz, a UW Seattle professor and inventor of elliptic curve cryptography, and Dr. Paulo Barreto, a world leader in cryptography who recently joined the UW Tacoma faculty. Barreto is one of the creators of the Whirlpool cryptographic hash function and the co-discoverer of quasi-dyadic codes. Also on the panel is Dr. Jesse Walker, Intel Security Research Lab, who is the architect for Intel’s new random number generator which is used in the Ivy Bridge processor. He was the first to identify the flaws in WEP, Wi-Fi’s original security protocol.
The panel on privacy vs. security includes Dr. Josh Benaloh, a senior cryptographer at Microsoft Research, where he works on data security, privacy, and verifiable election technologies. Benaloh was one of 14 of the world’s pre-eminent cryptographers and computer scientists who co-authored a paper criticizing Federal government attempts to provide “back-door” access through encryption for law enforcement, the subject of a July 7, 2015, New York Times article. Another panelist is Lt. Col. Tom Muehleisen, a leader with the Washington National Guard cybersecurity unit at Camp Murray, tasked with expanding the Guard’s cybersecurity capabilities and improving threat awareness and defensive posture for critical infrastructure and key resources in case of a significant cyber threat to Washington State. He brings together broad-based groups of cyber professionals to proactively prepare our state and nation to detect and prevent threat actors from damaging our infrastructure and stealing our intellectual capital.
Rep. Derek Kilmer will address the policy issues affecting the future of cybersecurity, including the debate over privacy vs. security, which is playing out in Congress.
Keynote speaker Cris Ewell, chief information security officer for UW Medicine, will take a broader view to address how organizations must prioritize cybersecurity from a risk management perspective and ensure the human part of the equation is well managed or the best cryptography in the world won’t matter.
“My job is to reduce risk within the organization in ways that allow physicians to do their jobs,” he says. “It really comes down to where your chief information security officer reports, where he is on the team.”
Risk management needs to be a high priority and the tone is set by executive communication and with a strong role for the CISO. Once the executive team sets procedure, it comes down to compliance and education. Cryptography is absolutely necessary, but the best cryptography can be compromised if humans accidently provide easy access to hackers.
“At the end of the day, it’s the end user that makes the critical difference in cybersecurity,” says Ewell.
For more information about the symposium, go to www.tacoma.uw.edu/events/content/next-gen-cybersecurity