Quantum computer Photo: Via archive/Shutterstock

One of the biggest topics in cybersecurity over the past few years is the onset of quantum computing and its potential impact. In the recent “10 Defining Moments in Cybersecurity and Space in 2024,” one of the moments highlighted was the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) finalizing the principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. The algorithms announced are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project.

[This article was published exclusively for Space Security Sentinel, a new monthly newsletter at the intersection of cybersecurity and space. Subscribe to the newsletter here.]

What impact could quantum technologies have on the space sector? There are a number of new companies looking to play in this space. One of them is Cavero Quantum, a company that has developed what it claims are some of the most secure, software-based cryptographic keys in the world. The aim is for these keys to secure communications from both current traditional and future quantum attacks. The keys are deployable on any device, regardless of size.

Space Security Sentinel spoke to Cavero Quantum CTO Frey Wilson and CEO James Trenholme about quantum solutions and the space sector. Wilson points to the fact that space assets are relied upon for defense and communications, which adds to the value of space, but also means space assets will be targeted more.

Trenholme believes the challenges for space are the same as terrestrial in the sense that assets are already out there are becoming more susceptible to an attack. He highlights the fact that some of the assets in space have been out there for a very long time, and also that they are parts of critical infrastructure like GPS for example, with multiple single components of failure.

“If there is an asset that can be hacked or exploited, then it is a problem. There is a lot of that in space. But, there is also a lot of investment going into space because terrestrial-based communications are at risk of attackers. The need to defend and protect communications through space is going to become even more critical,” he says. “I don’t see it being a separate issue. I see it being another medium or location. We are looking at security full stop. Aerospace and space technologies are expensive assets deployed for a long period of time. It is how do you make sure that the assets deployed are going to be safe, not just now, but for however long they are in service.”

Trenholme sees the ability for classical or quantum computers to break existing algorithms as “just a challenge” that all good and bad actors are looking to complete. He adds, “It is a kudos thing. If someone can break RSA and do it on any computer, they will get credit. The world has a problem that once it is broken, you will have to fix RSAs. I think AI and quantum computing will facilitate good and bad actors. But, it will be able to facilitate doing things faster and more people will be able to write scripts that expose existing cryptography, and they will do so and it will break. I don’t think there is an organization of genius bad actors using quantum computers. It will be broken by research scientists and then those findings will be used for bad purposes.”

Trenholme believes the work that Cavero Quantum does could be a good fit for companies in the space sector. The key creation process the company has built does not rely on sending large data packets in one message.

“It fits very nicely into the low power environments that space have, and the low processing environments that satellites work on, where as traditional cryptography doesn’t,” Trenholme said. “We think there are a lot of potential performance gains to be made using a Cavero solution over some of the other quantum algorithms that are potentially there.”

In terms of what advice the company would give to space companies, Wilson believes that cybersecurity has traditionally come along as an afterthought to the innovation taking place in sectors like space.

“There have always been difficult challenges to apply security because we have not really thought about it in advance. But we know better now and we have a real opportunity to get ahead of the game,” Wilson said. “The threat landscape is constantly evolving and we now have a real opportunity to get ahead of that. In a space context, and preparing to be agile, how can you be thinking about the future enough to think about how things that are in the pipeline now? We know what some of those threats are going to be in the future. How can we think about protecting those?”

One of the main challenges of this era is how these technologies will be regulated in the future. Cavero has been talking to regulators in the United Kingdom, as well as figuring out what its next steps are. Working with the likes of NIST can be far from easy. Trenholme said the company needs to decide whether to submit its solution to the NIST approval scheme or continue outside of that framework.

“The challenge with NIST from a commercial business perspective is that it takes a very long time. It is one we will engage in and be a part of. But, we have a solution that fixes real world security challenges now,” he said. “What our algorithm does to stop existing classical computer attacks as well as the potential quantum stuff and then we will focus on the quantum regulations afterwards, simply because we couldn’t wait for a NIST approval. We would be here for three to four years otherwise.”

Wilson and Trenholme share their predictions in terms of cybersecurity over 2025. Wilson believes we will see an increase in AI-propagated fraud, as phishing campaigns are becoming more sophisticated and targeted, with the recent AI Brad Pitt case as an example.

“AI absolutely increases the strength and the power of attacks we will see from a fraud perspective. At the minute, users almost have no tools at their disposal to be identify who they are speaking too. There is a high threshold for users, but that doesn’t happen in return. We need to provide more tools,” Wilson said.

Trenholme says he sees the world around identity, the identity of things and one of the main security challenges is verifying and authenticating identity. He talks of seeing a massive proliferation of identity theft and exploitation in the next 12 to 24 months.

“Most of our authentication systems are one-way and we need mutual authentication both ways to be secure and confident. It is the only way we are going to get rid of man in the middle attacks whether terrestrial or space. That is the Achilles Heel,” he says. “How does satellite genuinely know it is ground control, updating software? Authentication is usually from the ground control to the satellite and not the other way around, and that could get exploited.”