SafetyDetectives spoke with the Founder, Chairman, and CEO of Arqit, David Williams, about the weaknesses he saw in the cybersecurity arena that led him to start his own company. We also discussed quantum computing and encryption, and some key trends and technologies that are emerging in the cybersecurity industry.
Can you talk about your background and what motivated you to start Arqit?
Prior to founding Arqit, I worked in the telecoms industry for 17 years and before that as an investment banker, financing international telecoms businesses.
As a result of working on some high-security projects, I became aware of the weaknesses of legacy encryption and the escalating nature of the threat to it from increasing computational power in the hands of adversaries. This will culminate in the definitive end of legacy public key cryptography when quantum computing reaches scale. It felt to me like the biggest IT problem of the era – if no one can feel secure online, how can online businesses flourish?
Those few people who, in 2017, were thinking about this were considering two possible solutions: post-quantum algorithms and quantum key distribution. We felt that both of these approaches had very serious flaws. PQAs can never be described as permanently secure against quantum attack, and, as the White House said last year, lack the maturity to be implemented in the near term. QKD is an on-prem hardware solution with a limited range, so, as the UK’s National Cyber Security Centre (NCSC) said in 2021 not applicable to the nature of our connected world. We felt there must be a better pathway to creating security for the hyperconnected IoT age and protection against the coming quantum threat. Arqit was born from that idea, and six years later, we have products on the market that deliver quantum-safe protection that is provably secure, zero trust, easily adopted, standards-based and field tested by major corporations. We are here to solve the problem at scale.
Can you explain in layman’s terms how your technology works and what makes it unique in the current market?
We supply a unique quantum-safe encryption Platform-as-a-Service which makes the communications links or data at rest of any networked device or cloud machine secure against current and future forms of attack – even from a quantum computer.
Our product, QuantumCloud™, enables any device to download a lightweight software agent, which can create encryption keys in partnership with any number of other devices. The keys are computationally secure and optionally for one-time use. QuantumCloud™ can create limitless volumes of keys in limitless group sizes and can regulate the secure entrance and exit of a device in a group. The addressable market for QuantumCloud™ is every connected device.
Today, our product is entirely software-based, served from the cloud. We learned along the way that symmetric encryption is the only method that is long-term secure against quantum attacks. We learned a lot about quantum methods of creating encryption, but then we virtualized these methods in software form to make it scalable. Our platform is truly unique, and there are no parallels anywhere in the world.
How do you envision the role of quantum encryption in the future of digital security?
Quantum-safe encryption will be central to the future of digital and data security. Encryption has long been one of the core defenses used to prevent data from being compromised. However, Public Key Cryptography, the most commonly used method used for encryption since the 1980s, was not designed to meet the needs of today’s hyper-connected world of data.
But also, we are seeing an escalation of digital transformation in all areas. This transformation simply won’t work unless the massive investments being made today can be held to be secure for the long term. A great example of this is the new “MLETR” laws being enacted internationally, which make the use of digital assets in regulated financial services lawful, bringing vast cost savings and benefits to companies’ cash flow. Banks will undergo a fundamental change to adopt these techniques, and Arqit can meet the test of making these assets “tamper proof” in the quantum age.
With the advancements in quantum computing, how do you see the landscape of data encryption and cybersecurity evolving in the next decade?
For all the risks associated with their development, quantum computing will offer amazing R&D opportunities, allowing data to be processed and analyzed at record speeds. However, governments and corporations are now alive to the risks they pose, and there is a growing consensus within the cybersecurity sector to ensure that organizations and companies are made aware of these risks.
Quantum computing is already a very real threat today. “Store-now, decrypt later” is a known threat where nation-state actors and organized criminals will collect encrypted data in readiness to decrypt it when quantum computers inevitably arrive. Sensitive data today is already vulnerable, but Arqit’s symmetric key agreement platform QuantumCloud™ offers organizations and companies the ability to protect their data from both current and future threats.
Last year, the White House announced a timetable to transition US cryptographic systems to quantum-resistant cryptography as a matter of urgency, and Congress passed a new cybersecurity act focusing on the quantum threat. The next decade will be the decade of quantum security resilience as we all seek to ensure our data is safe.
The threat response is already here. For example, Arqit works with Fortinet to generate quantum-safe security within their market leading firewall products. Thus it is now a simple task for a company to order a simple software upgrade and make the network boundary quantum-safe, ticking off a significant portion of the threat from their risk register. By making Arqit’s symmetric key agreement platform easy to consume through integration with OEMs platform, we make it a simple choice for corporate users. We only launched the Platform-as-a-Service version of our product in December, and it is already gaining traction.
Can you discuss some of the key trends or emerging technologies in the cybersecurity industry that you’re most excited about?
There is an obvious focus on AI at present and the opportunities we will gain from this advanced technology, which is growing at pace every day. There are rightly a lot of questions being asked about how we can maximize the benefits of this technology in a responsible and ethical way. AI will go hand in hand with the advancements in quantum technology, using increased processing power to deliver more accurate and timely outcomes. Security will feature heavily as organizations and companies ensure their data is safe from these emerging technologies.
More simply, the IoT revolution is upon us. With the role out of 5G networks by fantastic companies like BT, it is becoming possible to conduct highly efficient remote monitoring of all manner of assets using low costs devices. But these devices struggle to run legacy encryption. Arqit’s lightweight agent is the solution to making these devices secure.
Every day, we seem to read about new data breaches; what steps do you think companies should take to ensure they are adequately protected against cyber threats?
Companies need to mitigate the risk now. The White House has already given guidance on the urgent need to make changes. Quantum computing is with us today and growing in capability rapidly, and companies need to update their encryption to deal with the weaknesses of legacy encryption.