Thales - Experts & Thought Leaders

DigiCert, a pioneering global provider of digital trust, has announced the results of the inaugural DigiCert® Quantum Readiness Awards.  Cloudflare, the pioneering connectivity cloud company, won the prestigious honour, while Migros, one of the largest retail companies in Switzerland, and DXC Technology, a pioneering global technology service provider, were selected as finalists by the judges. Cloudflare's journey The awards ceremony took place during DigiCert’s World Quantum Readiness Day, a virtual event dedicated to raising awareness about the threats quantum computing poses and steps companies should take now to prepare. Cloudflare's journey towards post-quantum cryptography excellence started with experimentations in 2017, to deploying advanced algorithms to its services in 2022, to providing broad post-quantum encryption support for free by default across its products and services to help customers secure their websites, APIs, cloud tools, and remote employees against future threats. Cloudflare’s strategy Cloudflare’s strategy of forming a true task force to facilitate the company-wide transition to secure  Cloudflare has set a benchmark in the industry. Their proactive community-first approach, which includes open-sourcing implementations and extensive collaborations with industry partners, has significantly contributed to global standardisation efforts.  Cloudflare’s strategy of forming a dedicated task force to facilitate the company-wide transition to secure both internal and external connections against quantum threats, showcases a commitment to innovation and security. Cloudflare's leadership Cloudflare's leadership in this field was further underscored by its commitment made at the 2023 Summit for Democracy, to make post-quantum cryptography available for free, solidifying its role as a pioneer in promoting a safer Internet for the future. "Cloudflare recognised early on that it was necessary to get our systems ready for the undefined time at which quantum computers would become a threat to cryptography," said John Graham-Cumming, Chief Technology Officer at Cloudflare. "We made a commitment to post quantum readiness in 2017 through the work of our Research team. We began working, doing experiments, and the result is this Quantum Readiness Award and the fact that all of our customers have post quantum cryptography available today." Expert panel of judges This year's honourees were selected by an expert panel of judges, including: Blair Canavan, Director, Alliances – PQC Portfolio, Thales Tim Hollebeek, Industry Technology Strategist, DigiCert Dr. Ali El Kaafarani, CEO, PQShield Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Centre of Excellence, NIST Alan Shimel, CEO, TechStrong Group Hugh Thompson, Chairman, RSAC. Current encryption standards “Quantum computing presents both an unprecedented opportunity and a significant threat to the current encryption standards that enable security, trust and online privacy. It is encouraging to see many of the applicant companies leaning into this very important transformation to quantum agility in order to protect data and infrastructure,” said Dr. Hugh Thompson, RSAC Chairman and Quantum Readiness Award judge.  “On behalf of the judging panel, we are excited to see Migros, DXC Technology, and of course, the winner, Cloudflare recognised for their efforts in acting with haste on this critical move to quantum-resistant cryptography." DigiCert Quantum Readiness Awards Most firms (61%) report being unprepared for the threat posed by quantum computing Most enterprises (61%) report being unprepared for the threat posed by quantum computing. The DigiCert Quantum Readiness Awards recognises organisations that are at the forefront of safeguarding digital security in the quantum era. These pioneers are setting an example for what it means to be quantum-ready, demonstrating exceptional innovation in addressing quantum challenges. Quantum computing technology DigiCert Quantum Readiness Awards underscore the importance of collaborative efforts in developing robust defences against the looming quantum threats. As quantum computing technology continues to advance, DigiCert remains committed to supporting organisations worldwide in their journey toward quantum preparedness.

DigiCert, a provider of digital trust announced its speaker lineup for its World Quantum Readiness Day event, set to take place virtually on September 26, 2024. Announced on the eve of RSAC 2024, the event is an opportunity to gain strategies that will help safeguard organisations and accelerate their path to preparedness for the quantum era.    Quantum computing “Quantum computing is transforming the landscape of digital security, and we are excited to help organisations prepare for the security challenges a quantum future presents,” said Amit Sinha, CEO of DigiCert. “We are thrilled to bring together such an esteemed group of experts to share their insights and help guide the industry toward a more secure quantum future.” Distinguished speakers for World Quantum Readiness Day Peter Shor, Professor of Applied Mathematics at MIT and author of Shor’s Algorithm Dr. Taher Elgamal, cryptographer, entrepreneur, the “Father of SSL,” Partner at Evolution Equity Partners Bob Sutor, Quantum Technologist and Vice President and Practice Lead at the Futurum Group  Reza Nejabati, Head of Quantum Research at Cisco Arfan Sabar, EMEA Cyber Security Services Encryption & Quantum-Safe Services Leader at IBM Jim Goodman, cryptography expert and Co-founder & CTO at Crypto4A Dr. Marc Manzano, cryptography expert and General Manager at SandboxAQ  Tom Patterson, Managing Director for Emerging Technology Security at Accenture Colin Soutar, Global Quantum Cyber Readiness Leader at Deloitte  Andy Regenscheid, Cryptographic Technology Group Chief at NIST Computer Security Division Panel moderators for the event include Nasdaq’s Kristina Ayanian and DigiCert’s Avesta Hojjati and Brian Trzupek.   2024 Quantum Readiness Awards The awards celebrate organisations that are spearheading the charge in quantum preparedness The virtual event will also honour the winner of the 2024 Quantum Readiness Awards to celebrate organisations that are spearheading the charge in quantum preparedness.  These pioneers are setting the standard for what it means to be quantum-ready, demonstrating a comprehensive understanding of the challenges that quantum computing presents.   Judges for the Quantum Readiness Awards Hugh Thompson, Chairman, RSAC Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence, NIST Dr. Ali El Kaafarani, CEO, PQShield  Alan Shimel, CEO, TechStrong Group Blair Canavan, Director, Alliances –PQC Portfolio, Thales Tim Hollebeek, Industry Technology Strategist, DigiCert Registration for the World Quantum Readiness Day is open.

In response to the growing uptake of GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology, the organisation has introduced several initiatives to further accelerate adoption. These include the launch of new certification stamps, expanding the number of labs and certification bodies (CB), new partnerships and the creation of an adopter program. Together, this raises the bar for IoT security by enabling the adoption of the methodology across new sectors, use cases and markets. Relevant security requirements “We are at an inflection point in SESIP adoption,” commented Gil Bernabeu, CTO of GlobalPlatform. “SESIP is getting recognised for eliminating the complexity and fragmentation surrounding security evaluation, making IoT device security economically viable for the entire value chain." "It helps the market identify and align relevant security requirements, implement appropriate security in devices, and demonstrate compliancy across markets, while minimising costs, effort, and time-to-market. The recent ratification of SESIP as a European Standard (EN 17927) serves as both a vote of confidence and a trigger for further adoption.” A rapidly growing ecosystem The longstanding diploma body TrustCB has already issued 47 SESIP diplomae to firms SESIP has rapidly become an internationally recognised standard for security evaluation, supported by a large community of security providers, industry bodies, security laboratories, and other stakeholders. The longstanding certification body TrustCB has already issued 47 SESIP certificates to companies including NXP Semiconductors, STMicroelectronics and Winbond Electronics Corporation. These products were evaluated by a growing group of GlobalPlatform licenced security laboratories. Currently, these labs are Applus+, Riscure, SERMA, SGS Brightsight, and Thales ITSEF with more expected to join this list in the coming year. Two additional certification bodies are currently working to become GlobalPlatform SESIP CBs to bring even more capacity and reach to the ecosystem. SESIP-certified software   The methodology is also already used or referenced by bodies including the CCC, ETSI, FiRa Consortium   Importantly, the methodology is also already used or referenced by bodies including the Car Connectivity Consortium (CCC), ETSI, FiRa Consortium, National Institute of Standards & Technology (NIST), PSA Certified and Wireless Power Consortium. This adoption first demonstrates the value of the methodology to strengthen IoT security across diverse vertical markets and use cases.  It also helps device manufacturers using these technologies to compose their final device based on SESIP-certified software or hardware components, while quickly and easily ensuring compliance with relevant regulations. Collaborating to expedite adoption The GlobalPlatform community is responsible for maintaining the methodology, enforcing a governance model with an associated quality brand between CBs, product vendors and laboratories. The support and expedite growth, GlobalPlatform has delivered several important initiatives and resources: SESIP Committee & Working Groups – A dedicated Committee and Working Groups have been established to drive GlobalPlatform’s strategy for SESIP ecosystem development, initiate new technical projects, facilitate adoption efforts, and oversee governance. A primary focus is to engage with regulators and the security evaluation ecosystem to identify requirements and demonstrate SESIP’s applicability for different regions and vertical markets.  New SESIP Product, Lab and Certification Body Marks – A suite of branded logos have been made available for certified products, and accredited laboratories and certification bodies, to promote and bring trust to their offerings. SESIP Profiles and Mappings – GlobalPlatform develops and maintains a growing suite of SESIP Profiles and Mapping documents to facilitate the adoption and use of the methodology. SESIP Profiles are used in the security evaluation of a component or device, while SESIP Mappings bridge the security requirements defined in the methodology with those of global cybersecurity regulations. SESIP Adopters Community – As the methodology is now being used by a diverse range of different stakeholders, GlobalPlatform has created the ‘SESIP Adopters’ community. This program informs non-members about the latest GlobalPlatform SESIP developments, provides access to relevant technical documents, and allows them to showcase their certified products and/or support for SESIP. Development of SESIP “SESIP leverages the expertise of the GlobalPlatform ecosystem to incorporate better cybersecurity in IoT devices, at the right cost and aligned with market regulation,” added Bernabeu. “By giving stakeholders a single point of reference for IoT cybersecurity, regardless of their security expertise, we can collectively raise the bar for security. But we need to reach beyond this GlobalPlatform community. These programs, partnerships and resources will extend our ecosystem, enabling anyone to join us in driving the development of SESIP for the benefit of the growing IoT industry.”

The next step in the journey of digital transformation, the fifth generation of wireless communications technologies (5G) will have an enormous impact on mankind, and on every industry including security. In short, 5G will disrupt the way we live and work. To discuss the changes, we presented our questions to Benoît Jouffrey, VP 5G Expertise at Thales, which is at the forefront of the transformation with an emphasis on trust and security. Following are his responses. Q: In layman's terms, what is the difference between 4G and 5G ecosystems as they relate to opportunity, flexibility and choice in networking tools? Jouffrey: Compared with largely one-size-fits-all 4G services, the 5G ecosystem will provide organisations with much greater choice and flexibility in the way they communicate over mobile networks. The network slicing capabilities of 5G means that business can have their own independent networks, with each one customised to their unique requirements and backed up by service-level agreements (SLA). Another aspect of 5G will be the ability to drive latency between UE (User Equipment) and network down to below a few milliseconds, which will massively boost the performance and scalability of enterprise applications. Q: How can these capabilities drive a company's digital operations? 5G will allow enterprises to be connected more efficiently Jouffrey: 5G will allow enterprises to be connected more efficiently: they can rely on a higher density of connected devices exchanging more information in a better timeframe. Due to these slicing capabilities, 5G networks allow for much greater personalisation than 4G networks. This means that businesses could benefit from this personalised network, tailored to their portfolio of Internet of Things (IoT) use cases, and not be necessarily expected to rely on a one-size-fits-all network. By combining the unique capabilities of 5G with the insights derived from analytics, machine learning, and artificial intelligence, enterprises will be in much better stead to run their operations efficiently and securely. Q: How might 5G impact the use of cloud systems? Jouffrey: 5G is the first communication environment that is cloud-native. As such, 5G networks will support cloud-based applications in a way that 4G, 3G and 2G can’t support. For instance, sensors (e.g. in a manufacturing plant) often have a small internal storage and rely on synced devices (e.g. gateways) to interact with the cloud. Soon, these sensors will be able to work more efficiently, interacting with the cloud via the ultra-low latency and the edge computing capabilities supported by 5G networks. Unlike current IoT services that make performance trade-offs to get the best from these existing wireless technologies, 5G networks will be designed to bring the high levels of performance needed for the increasing use of IoT. It will enable a perceived fully ubiquitous connected world, with the boosted capacity offered by 5G networks transferring exponentially more data at a much quicker rate. Q: How can one provide trustworthy 5G lifecycle management for IoT devices? Jouffrey: Trustworthy IoT lifecycle management is an end-to-end approach from the secure provisioning of keys within the devices, to the proper identification of the users, from the authentication on the network or the network slice, to the secure handling of the data either at stored or in motion. Resources need to be invested long before this to qualify the business model, in prototyping, as well as prototype testing. Most organisations don’t have the resources to counter all the security challenges of their 5G IoT deployments. Businesses will often end up choosing between navigating a risk-laden 5G environment, with inadequate or incomplete trust mechanisms, or outsourcing these requirements. When looking at outsourcing, companies must choose a provider with expertise in digital security, ensuring 5G IoT deployments have data protection and connectivity credentials built in, together with end-to-end data protection solutions such as encryption – protecting data in the device, network, and cloud at rest and in transit. Q: How can wireless modules address new 5G IoT use cases? Wireless modules can be expected to play a bigger role than in previous generations of cellular Jouffrey: As IoT considerations are integrated into the 5G ecosystem, wireless modules can be expected to play a bigger role than in previous generations of cellular. 5G modules support different characteristics to earlier generations – the 5G use cases are much more complex, varied, from high-end use cases requiring high data usage and throughput, such as for industrial routers, to low-throughput, energy consumption optimised devices, as required for some IoT sensors. At the end, compared to the largely one-size-fits-all approach that preceded it, 5G will increase the demand for vertical-tailored wireless modules. Importantly, these wireless modules need to support new data protection and security features that go well beyond conventional compliance to 3rd Generation Partnership Project (3GPP) standards. Due to the extent of personalisation within 5G networks, wireless modules must also offer providers and customers greater security as well as agility all along the device lifespan. Q: What are the new data protection challenges posed by 5G, and how can they be addressed? Jouffrey: The 5G era presents exciting opportunities, as well as security challenges. The greatest risks to enterprise data on 5G networks – including eavesdropping, man-in the middle attacks, denial of services, loss or compromisation of data – were already known in 4G. The 5G standards have looked at providing answers to these threats and come with some noticeable improvements, such as the encryption of the international mobile subscriber identity (IMSI), otherwise known as the Subscription Permanent Identifier in 5G. But what’s different with 5G is the threat surface area, due notably to the variety of devices that will be used over these 5G networks and the underlying technologies used for the deployment of the networks, such as cloud native virtualisation. On top of this, it’s the first generation of cellular to launch in an era of global cyber-crime, funded by organised crime and states alike. So, whilst enterprises should look to the ecosystem of telecom operators and cloud providers, vendors, and system operators to help understand the opportunities presented by 5G – this same ecosystem needs to guide them in countering any new risks that the 5G architecture may pose. The key to securing 5G enabled devices is to build security into devices from the outset using encryption. The key to securing 5G enabled devices is to build security into devices from the outset Q: What new roles can the 5G embedded universal integrated circuit card (eSIM) endorse in network authentication? Jouffrey: 5G is the first generation of cellular to launch in a buoyant eSIM market. The eSIM will be key in supporting network slicing authentication and security, enabling enterprises to leverage their credentials to pre-select network slices. However, to support secure authentication for mobile networks that may require the usage of different authentication algorithms over time, these 5G eSIMs must support this flexibility of usage of multiple authentication and authorisation credentials. With this capability built into these eSIMs from the start, mobile operators can remotely swap the authentication algorithm either for a dedicated primary authentication, or in a definitive way, thanks to key rotation management, thus maintaining a trusted environment.