Sometimes the world of cybersecurity seems to be upside down, and this is one of those times. In particular, one of the technologies that has long been hailed as the industry's salvation, cryptography, is in a time of great transition at a moment when it's needed more than ever to keep data safe.
Consider: We live in a world in which a highly respected Israeli security firm sells powerful malware that allows its customers to hack into an encrypted public service like WhatsApp and see where someone is, who they're talking to, and what they're talking about.
Yes, the company, NSO, maintains that it only sells its powerful Pegasus software to law enforcement organizations for the purpose of fighting crime and terrorism. But when one's supposedly safe private communications are hacked, does it matter who was doing the hacking or why?
We also live in a world where, according to the U.S.' data protection commissioner, Helen Dixon, children have a better basic understanding of data protection than their parents, who are charged with keeping them safe. In other words, to a certain degree the inmates literally are running the asylum, a situation that underscores the value and importance of strong encryption.
Given the implied confusion over not only when we're actually being hacked, but how to even recognize that it's happening, it's no surprise that demand for quantum cryptography, cryptography's amped-up next frontier, is expected to take off. The addressable market for quantum cryptography, which ups the ante from classical cryptography by ensuring that data is in a constant state of flux, is expected to mushroom to more than $1.3 billion by 2026, according to a recent report from Data Bridge Market Research.
The whole topic of cryptography has gotten so complex that the industry is busy creating post-quantum cryptography solutions to help protect against attacks launched from quantum computers that won't even be commonplace for another decade.
In a recent piece for Security Boulevard, longtime security pro Timothy Hollebeek made it clear that this is critical because cyber security teams can't get too far out in front of this development.
"If you are a technology vendor or an enterprise that deploys network-connected devices, it is important to know the security implications and impact that quantum computers might have on your organization," he wrote. "Understanding what actions you can take today will prepare your organization against the threats of tomorrow."
According to a recent piece in Quartz, quantum computing represents a significant threat to encryption, one that it makes sense to address now. The result is "quantum-safe cryptography," which aims to protect data against a threat that until recently was thought to be merely theoretical. The rise of quantum computing has made that threat anything but theoretical, and has given hackers a tool for breaking through cryptographic layers or protection.
Making cryptography in its various forms even more intriguing now is an apparent trend toward key cryptographers not being allowed to speak in the U.S.
This development first reared its head earlier this year when RSA co-founder Adi Shamir wasn't able to attend the annual RSA Conference he helped to create when his visa wasn't processed quickly enough for him to enter the country. Since then, additional cryptographers have been met with similar difficulties in obtaining U.S. visas, most recently when Ross Anderson, wasn't able to attend a gala in Washington D.C. recognizing his cryptography tome, Security Engineering, which was being inducted into The Cybersecurity Canon.
This spurred one of the world's foremost cryptography experts, Bruce Schneier, to speculate on his blog that more than coincidence was afoot.
"I've heard of two other prominent cryptographers who are in the same boat," he wrote. "Is there some cryptographer blacklist? Is something else going on? A lot of us would like to know."
Whether the string of visa issues is intended or is a matter of bureaucratic incompetence, it's a trend worth keeping an eye on, and one that speaks to the future of cryptography as a key cyber security tool.