By Dr. Torsten Saab, Principal Engineering Fellow, Raytheon
The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019 and reported losses exceeding $4.2 billion. The most hacked industries include government, retail, and technology, due to the high level of personal identifying information that they are known to hold – making a cyberattack very profitable.
In October 2021, the White House Office of Science and Technology Policy (OSTP) convened industry stakeholders from across the country to discuss how quantum computers and quantum sensors will benefit American society. While holding a lot of promise, quantum technology also poses unique risks to enterprises, governments, and individuals around the world. With Quantum computing-related cyber security threats, assuming a breach has already occurred and using a zero trust-based approach will be even more important.
Quantum technology and the potential of Zero Trust
Quantum Day or “Q-Day,” while 5-10 years out, is coming faster than we would like and it represents the day that quantum computers will reliably use the superpositioning power of qubits (i.e., information bits that can assume multiple states at once) to compute the codes needed to break asymmetric encryptions. With that said, the arrival of Q-Day may rely on Zero Trust strategies as nations work to prepare for the cyber risks that will inevitably accompany these computing advancements. We can no longer have this ‘castle-and-moat’ mindset, where we are hyper-focused on defending the perimeter, believing everybody and everything already inside our network belongs there. We must assume that the bad guys are already inside, accessing our data, and using “collect now, decrypt later” strategies.
Zero Trust teaches us important security concepts and ideas, such as:
- “Never trust, always verify”
- A “you’ve been breached” mentality
- The replacement of traditional perimeter-based security
- An introduction to micro-segmentation and multi-factor authentication
- The incorporation of contextual analysis into the IT resource access decision-making process
Outlining a Plan of Action
In response to the challenges that Zero Trust holds, Raytheon Intelligence & Space (RI&S) offers the expertise and flexible solutions to rapidly develop and implement a future-proof Zero Trust strategy that will best fit an organization. For example, its highly scalable and extensible Zero Trust security platform called REDPro ZTX (short for Raytheon Enterprise Data Protection with Zero Trust Extended) monitors users, devices, networks, workloads, and data in real-time. It enables plug-and-play of multi-vendor Zero Trust solutions; enforces least-privilege access; continuously verifies access requests; and facilitates real-time, multi-level cyber response.
An effective and comprehensive Zero Trust solution must seamlessly provide multi-level Zero Trust monitoring and policy enforcement at the edge, on premise, and in the cloud. RI&S’s REDPro ZTX solution even goes a step further by combining cross-platform Zero Trust security with cyber resiliency. Cyber resiliency adds important security features, such as independent hardware and software attestation, self-healing, and deception.
REDPro ZTX allows customers to interchangeably plug-and-play defense-grade Zero Trust and cyber resiliency technologies from RI&S and industry partners. Having modular building blocks allows customers to decide which pillars of the Zero Trust model – users, devices, networks, workloads, and data – they would like to focus on first and how to achieve comprehensive Zero Trust coverage over time. RI&S’s modular and extensible REDPro ZTX platform was designed to speed up the deployment of Zero Trust security across heterogenous IT (Information Technologies) and OT (Operational Technologies) environments, while also lowering the technical risk, streamlining cyber security operations, and reducing response times.
In addition to deploying Zero Trust security-based systems as soon as possible, organizations should also consider developing a Quantum Security (QS) strategy and incorporating it into their ZT strategy. A QS strategy, for example, could include the adoption and deployment of Post-Quantum Cryptography (PQC), Quantum Random Number Generators (QRNG), and Quantum Key Distribution (QKD) systems.
Given the continuously evolving cyber threat landscape, including potential data security threats posed by code-breaking quantum computers, the time to incorporate zero trust and quantum security into one’s cyber strategy is now.
About the Author
Dr. Torsten Staab is a Raytheon principal engineering fellow. He serves as Chief Innovation Officer for Raytheon Intelligence & Space’s Cyber, Intelligence, and Services business unit. In addition, Staab also serves as Chief Technology Officer for Raytheon Blackbird Technologies, Inc., a wholly owned subsidiary of Raytheon Technologies.
Staab has an extensive background in software and systems engineering. He is a recognized subject matter expert in areas such as cybersecurity, data analytics, machine learning, distributed systems and laboratory automation. He has contributed to more than 50 publications, as well as five issued and five pending patents. He received a Diplom Informatiker (FH) degree from the University of Applied Sciences in Wiesbaden, Germany. In addition, he also holds master of science and doctorate degrees in Computer Science from the University of New Mexico.