Aug 10, 2020

Parallels between Zero Trust and the Fight Against Corona Virus


Cyber professionals often have a difficult time conveying to people unfamiliar with cybersecurity how to think about protecting their data. Many of the approaches cybersecurity takes to vulnerabilities and attacks are similar to those that our nation is using to combat the corona pandemic. One such similarity between cybersecurity and public health is the approach being taken to develop multiple vaccines in parallel, knowing that few will be successful. Redundant approaches are commonplace within the cybersecurity world. A future cyber problem that we know is going to occur is the introduction of quantum computing. Cybersecurity researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography. The effect would be to render communications as insecure as if they were not encoded. Cryptography needs redundancy to future-proof it against quantum computing.

NIST is overseeing a competition to find quantum-resistant algorithms, but we do not know which of the crypto algorithms being analyzed will finally win the competition. This is similar to the vaccine competition, in that the current government approach is to develop vaccines in parallel without knowing which ones will be effective. This is being done at significant cost and risk. Likewise, the cybersecurity world could, depending on risk analysis by governments and organizations, determine that the potential harm of quantum computing necessitates a similar approach: taking the top set of algorithms currently being analyzed by NIST and integrating them into identity cards, fully knowing that several, if not all, may not be effective. This might be needed given the amount of time it takes to design, implement, and promulgate identity cards throughout our nation. We are doing this for vaccines because, if and when one is determined to be successful, it would already have been mass produced and readily disseminated for use. Likewise, should a nation state obtain detrimental quantum computing capability before we have determined which of the NIST algorithms is successful, we would at a minimum have a set of algorithms already deployed, at least one of which could be activated should it be proven effective against a nation state's quantum computing attack.
