A Faulty Software Update Causes Chaos
On July 19th, a faulty software update to CrowdStrike’s endpoint security systems caused a worldwide crash of Windows computers. This, even though according to Microsoft, 8.5 million Windows devices, which constitute just under 1% of computers worldwide, were affected. This led to significant disruptions: over 42,000 flights were delayed, nearly 5,000 were canceled (including 2,600 in the United States), and thousands of companies’ services were temporarily unavailable, some for hours or even days. Government services, including emergency services, were also shut down. The full extent of the damage is still unclear and will take time to assess. Due to the nature of the software, which operates at the system level, a manual fix is required, meaning it could take days or weeks to resolve the issue completely.
The Fragility of Cybersecurity Systems
Our modern world depends on the ability to secure our data, both at rest (on organizational servers and databases) and in motion (during communication). Thus, cybersecurity solutions are essential. However, the complexity of these systems can also be a significant liability. We face not only potential attacks exploiting vulnerabilities in our software but also those targeting the cybersecurity software itself. Additionally, bugs and malfunctions in cybersecurity software can lead to extensive outages, as we are witnessing with the current CrowdStrike issue. Since cybersecurity software operates at the root level of computers, any bug can cause substantial damage and require considerable resources to fix.
Quantum Computing Threats are becoming real
As our world becomes more interconnected and complex, with new technologies like AI being integrated, the dependency on cybersecurity software will only increase. This raises the stakes for potential disruptions caused by software bugs or vulnerabilities.
In the context of protecting data in motion, the world is preparing for the threat of quantum computing, which will render current encryption methods obsolete. The two main technologies being considered for deployment are post-quantum cryptography (PQC) and quantum key distribution (QKD).
The Dual Approach: Using PQC and QKD to Combat Quantum Computing Threats
It is becoming evident that a combination of both PQC and QKD will be adopted. PQC is often seen as the default solution due to its software-based nature, making it easier to install,deploy and manage. PQC provides true end-to-end encryption. However, QKD offers a critical advantage: its encryption security is based on quantum physics, providing a much higher level of protection. A well-designed QKD system offers encryption that is theoretically unbreakable, both now and in the future, a claim no mathematical encryption solution, including PQC, can make.The CrowdStrike outage highlights an additional benefit of QKD: it is a physical solution operating at the photonic level, completely detached from the interconnected software world. This means it does not pose the same risks of introducing vulnerabilities or causing system shutdowns due to software bugs. A faulty QKD system does not affect the flow of data communications.
It is Time for a New Paradigm in Secure Communications
Organizations looking to safeguard their communication now have yet another reason to confirm why adopting a combination of PQC and QKD solutions is critical. Integrating QKD not only adds another layer of protection but also ensures a level of security impervious to software malfunctions, preventing it from becoming a potential root cause of such issues.