What are the top three security challenges ahead of us?

The recent Allianz Risk Barometer identifies “cyber risk” as the top corporate challenge. This is no surprise to us, and we expect these threats will only increase in the future. The driving factors behind this trend are growing geopolitical turmoil, the emergence of quantum computing, and changes in network and data usage patterns. These developments threaten to render current security measures obsolete, making it imperative for organizations to stay informed and take proactive steps to mitigate these risks. Failure to do so could result in significant financial and reputational losses.

Deglobalization and geopolitical turmoil

Global economic integration has been a driving force behind peaceful cooperation and profitable trade. However, this trend is shifting as countries strive for greater strategic autonomy. There is a growing concern about dependency on third parties for strategic assets. Countries now focus on developing robust supply chains, often involving localizing essential expertise and technologies. 

This push for strategic autonomy is becoming more pronounced as countries even take aggressive action to protect their national interests. This includes a focus on securing the communication networks of critical infrastructure, defense, and providers of essential services, which are considered prime targets for nation-state actors. Governments are increasingly prioritizing network security and digital sovereignty, implementing new regulations and executive orders such as the European Network and Information Security Directive NIS-2 and Cyber Resilience Act (CRA) to improve the security posture of essential operations and establish cyber resilience capable of defending against even the most sophisticated attacks.

In response, ADVA Optical Networking (now Adtran) has decided to follow suit and reshore its security operations. Adva Network Security has been established as a German security company, consolidating key capabilities in R&D, production, and services. By reducing our international footprint, we’ve made R&D processes more efficient and streamlined production. We’ve also implemented additional security controls to further strengthen our operational tools and strategic assets, resulting in a lower attack surface. Our close collaboration with national security authorities ensures alignment with leading security expertise and allows for stringent product and process approvals as well as certification by relevant government bodies.
Quantum computing

Quantum computing

It will take some time for quantum computers to become powerful enough to break current key exchange algorithms. But does that mean we should ignore the potential future threat? The answer is “No!” for two reasons:

• "Store now, decrypt later" attacks collect confidential encrypted data today and store it until decryption with a quantum computer becomes possible.
• Migrating widely-used, quantum-vulnerable algorithms is a long and complex process that may take more time than the commercialization of high-performance quantum computers. Therefore, it’s important to start preparing for this eventuality now.

There are two different security technologies able to make quantum-vulnerable security architectures safe: 

1. Quantum key distribution (QKD) uses quantum physics to protect privacy and integrity of the key exchange
2. Post-quantum cryptography (PQC) applies complex mathematical problems for encryption. These are too difficult for a quantum computer to solve in a reasonable time. 

However, neither technology is a simple replacement for quantum-vulnerable protocols. QKD adds a sophisticated piece of technology for key generation and requires an optical quantum channel for the transmission of quantum keys. PQC algorithms can run on existing classical computers. But they need much longer keys and significantly higher processing power, exceeding the capabilities of today’s applied processors and protocols.

Making security architectures quantum-safe is a complex task. Based on a detailed understanding of the currently applied security controls, the quantum risk must be assessed, and the technical requirements of mitigating controls must be analyzed. At Adva Network Security, we got started early with developing the expertise required. We implemented PQC algorithms into existing systems and enhanced products with open key interfaces for QKD. In early demonstrations, the practicability was verified, and experience was gained in understanding new risks such as side-channel attacks and implementational shortcomings. Today, Adva Network Security has commercial products backed-up with comprehensive abilities to support critical operations in making their networks quantum safe.

Cloudification and mobility

“Never trust, always verify” is certainly a sensible strategy, especially as a growing share of corporate users and devices connect to data and applications in public clouds. When communication happens outside the secured perimeter of a corporate network, mobile users and cloud-hosted applications compromise the relevance of perimeter protection and move the focus to zero-trust network architectures with stringent authentication and authorization based on least-privilege principles.

A zero-trust architecture seems to suggest that transport network security has less relevance, as critical communication is protected end-to-end at the application layer, even over untrusted networks. But there are several security goals that cannot be achieved with application-layer security and enforcement at the endpoints. Mission-critical services might have stringent availability, latency, and timing requirements, which can only be assured with carefully designed and securely operated networks.

A protected and assured network is a crucial requirement for mission-critical services. Adva Network Security develops protected and resilient solutions for optical transport, business access and hosting of virtualized network functions. The security-certified service staff cover a wide range of services and also handle complete network operations from our NOC. Our quantum-safe ConnectGuard™ security technology will help providers of essential services, operators of critical infrastructure and public authorities to make zero-trust architectures safe and robust. 

In short, geopolitical turmoil, quantum computing and cloudification are having a significant impact on the security landscape. New attack vectors and higher sophistication in adverse action require operators of mission-critical networks to act. Adva Network Security was founded to protect those essential services from any emerging threat with innovative security technology made in Germany.