This is not a drill: Preparing for a severe cyber storm
September 19, 2022
When you hear a warning about an approaching storm, do you ignore it or spring into action? Having lived through two Category 5 hurricanes, I know both the importance of an early warning and the unimaginable destruction a single vulnerability, like one window left unsecured, can do. With the release of the National Security Memorandum 10 (NSM-10), the White House sent a worldwide ‘severe cyber storm’ warning for the approaching cryptographically relevant quantum computer (CRQC).
As with most things, including storms and the advancement of technology, there are pros and cons. Nothing grows without rain, but too much rain leads to flooding. As quantum information science matures, a single CRQC will be able to help reduce costly failures in complex manufacturing processes by identifying the problem area quickly, but a sophisticated CRQC could breach the public-key cryptography currently used to secure digital communications and systems around the world. Banking transactions, B2B and cloud applications, advanced driver assistance systems, and aerospace and defense mission-critical processing platforms will be at risk of infrastructure and data exposure.
Similar to keeping plywood on hand to board-up windows or a generator to endure power outages during prolonged storms, the NSM-10 is a proactive call to guard against cyber threats and upgrade cryptographic solutions BEFORE they are vulnerable. It seeks “a whole-of-government and whole‑of‑society” strategy for quantum information science (QIS), including “the security enhancements provided by quantum-resistant cryptography.” For any such strategy to succeed, significant investment in quantum-resistant cryptography technology innovations is needed today to ensure commercial and defense applications meet post-quantum cryptographic requirements.
Designing post-quantum cryptography (PQC) is much more than just implementing an algorithm. It’s designing efficient hardware acceleration. It’s protecting against side channel attacks from multiple vectors like power, EM, timing and glitching. It’s having secure hardware-based key management to prevent cyber exploits such as buffer overflow attacks. It’s test and verification of complex firmware and software algorithms.
Pioneering chip-level and firmware-based SCA-resistant cryptographic solutions (introduced in 2014) and encrypted data systems, Mercury continues to deliver industry-leading solutions that address all aspects of advanced cryptographic development. For defense-ready cryptography in ASIC design, space/rad-tolerant applications and high-value aerospace and defense solutions, Mercury’s proven cryptographic portfolio includes NSA Type-1 encryption devices, BuiltSECURE™ in-line memory encryption, cryptographic FPGA cores, cryptographic microprocessors and related countermeasures to meet critical security requirements. Infused with significant R&D funding, our team is developing solutions to help industries prepare for post-quantum cryptographic requirements – before quantum computing becomes an everyday reality.
Like storms, data breaches carry varying degrees of potential damage without bias to location. It’s painful to have your personal data wrongfully accessed; wrongful access to battlefield mission-critical data can have much more devastating consequences. As computing at the edge introduces additional risk, greater security protections must be implemented. Mercury and Intel® work together to make innovative commercial technology profoundly more accessible to aerospace and defense. The reliability and performance of Intel silicon combined with Mercury’s trusted BuiltSECURE™ secure boot, cryptography and physical protection technologies safeguard confidential data and intellectual property against threats in some of the most inhospitable places on earth and beyond.
Secure and Trusted Manufacturing
Designing solutions to foil attacks leveraging quantum computing capabilities certainly takes top priority on the ‘storm preparation to-do list.’ Having secure manufacturing facilities to build these solutions is a close second. Mercury is a Defense Microelectronics Activity (DMEA) accredited "trusted supplier" and a Trusted Electronic Designer, Fabricator and Assembler with IPC-1791-certified facilities manufacturing logic components ranging from DMEA microelectronics to motherboards. Combining industry-leading capabilities with robust, secure processes, independent auditing and scorecards, Mercury IPC-1791-certified facilities deliver full supply chain traceability.
With industry-leading R&D investments, a certified trusted supply chain and a dedicated team of the industry’s brightest and most creative minds collaborating to engineer next-generation post-quantum algorithms, Mercury is here to help you heed the ‘severe storm warning.’
... . ...- . .-. . / -.-. -.-- -... . .-. / ... - --- .-. -- / .-- .- .-. -. .. -. --.