QuSecure, Inc. (ACN) Earnings Call Transcript & Summary

Well, good morning and afternoon, everybody. We're going to get started now. Welcome to our webinar Securing Space and Connected Ground Networks with Post-Quantum Cryptography. Got a great presentation here for you folks today. So we'll jump in and go over a little background. My name is Skip Sanzeri. I'm Co-Founder and COO at QuSecure. Our charge at QuSecure is to bring post-quantum cybersecurity to government enterprise, and we have specific post-quantum cybersecurity satellite solutions, we'll talk about later in the presentation. One announcement just this week, we were able to collaborate with Accenture on the world's first successful multiorbit data communications test secured with post-quantum cryptography. That was quite an accomplishment by both teams. Quantum computers will enable compute power that we can only dream of, but they'll also provide a platform for bad hackers to disrupt, steal and cause great harm. And in this sense, quantum computers have substantial threats to our way of life here in the U.S. and elsewhere. It's vital that we secure enterprise, civilian government and DoD agencies and we need to prepare now, as you'll see shortly, because of a Harvest Now, Decrypt Later situation. Encrypted data is stolen by bad hackers all the time, and we need to secure that because it adds value over time. Our satellite data is especially at risk. Space is an increasingly important aspect of the U.S. economic and military power. And the U.S. considers the uninhibited freedom to operate in space to be of vital interest. The cyberattack on the space system can result in data loss or theft, widespread disruptions, even permanent loss of a satellite. Cyberattacks can target communications data and the systems that use that data and satellite to satellite communications, satellite to ground, antennas, ground stations, terrestrial networks, user terminals. These are all potentials -- intrusion points for cyber risk. Since the U.S. is more dependent upon satellites than any other nation, a disruption to our satellite infrastructure could be devastating. As we move forward a couple of housekeeping announcements for today, we will have a Q&A session. During the webinar, if you have questions, we'd like you to enter them in the Q&A section at the bottom of your screen, you'll see that there. We're going to hold all of these until the end, so we'll answer with our panelists here as we move forward. Now let's meet our world-class presenters for today. First up, is Tom Patterson. Tom is the Managing Director for Emerging Technology Security and the Accenture Global Quantum Security Leader, including Strategy, Discovery, PQC and QKD at Accenture. He joined Accenture on the leadership team to continue his mission to secure the world's critical infrastructure through the secure application of quantum AIML, 5G and 6G and space technologies. Tom is the lead post-quantum crypto-agility project for our Global 1000 company as well in an earlier life, and he worked on post-quantum cyrpto-agility rollout there. Tom continues to support White House, Congress, Federal Law enforcement and intelligence and counter-intelligence communities and speaks frequently at events such as the World Economic Forum, Davos Cyber Futures and Financial Times and others. Tom served as the National Security. Telecommunications Advisory Committee, where he was point of contact for the last 3 U.S. presidents. Following Tom will be Aaron Moore. Aaron is QuSecure's Executive Vice President of Engineering. And Aaron is responsible for QuSecure's technology vision and delivery. Prior to QuSecure, Aaron ran global intelligent operation programs and developed and managed cutting-edge cybersecurity satellite and AI technologies at DARPA, NRO's Advanced Systems and Technology division, IARPA and the NSA. Aaron was also the Chief Architect of Advanced National Space Systems at Harris Corporation, and he has more than 20 years of senior leadership experience in cyber, artificial intelligence, quantum computing, post-quantum cybersecurity and threat assessments. As CTO for Grumman at the Intelligent Solutions division Aaron developed advanced predictive intelligent algorithms. And as a result, he was inducted in Northrop Grumman's on a role of investors. He was also a special forces operator decorated for heroism in multiple combat tours. Following Aaron is Kris here. Kris is the founder of Rearden Logic, one of the top cybersecurity research groups for the Department of Defense. Kris has performed extensive counter space intelligence analysis and training and is a global network architect for the largest private IP network. Kris was also the Chief Scientist for Northrop Grumman's Advanced Cyber Research Group. And rounding out our list of fantastic presenters is Meg Gleason. Meg is QuSecure's Head of User Experience and Product Adoption. She's an expert in user experience and prior to QuSecure ran a consulting company specializing supporting start-ups, early tech products with a user-centric approach. So let's move ahead in our presentation now, and take a look at some of the issues that we're facing. So we have a large problem in front of us. This is a $100 billion problem actually, larger in some cases, depending on who you ask. There's going to be a large investment in quantum computing as we know and quantum computers can do incredible things for humanity. Unfortunately, we feel that they'll be weaponized well before these applications will come around. And as we said earlier, one of the big threats is this, Steal Now Decrypt Later, where data is being harvested. So any data that's over the airways can be -- those communications channels can be listened and stored. However, at the moment, there -- most of them, hopefully, are encrypted, but quantum computers have the capability to expose that data and do it in a very, very fast fashion. This is due to the fact that they operate on subatomic properties. Next slide, please. And these subatomic properties allow quantum computers to do special things such as handle multivariate data, find global minimums and others. A lot of our encryption is based on factoring, factoring a large number. This is what we use to -- for our encryption over the Internet. That's not a lot different than finding a global minimum. And Peter Shor proved mathematically that quantum computers could break this encryption with not a lot of work. They'll take a giant quantum computer to do it, but one of the things that I'd like everyone to know is that humans are very clever, and we're coming up with ways and more efficient mechanisms than just using 4,099 error-corrected qubits and tangling computers by taking smaller quantum computers and tangling those and running a process across multiple computers is one way to do it. There's hybrid classic solutions that are coming about now. And we're finding even more efficient quantum algorithms are being discovered. Again, quantum computing programming is new and different because you can program with subatomic properties meaning super position, that means that a particle can be in multiple places at the same time and have multiple states. That gives you a lot of ability to handle these sorts of problems, but also leads to all sorts of new programming. There's even reverse multiplication and hybrid constrained solvers. These are all technical terms, but the message here is that there may be ways to do it faster than we all know, and we think this threat -- our team thinks this threat is closer than most. Next slide, please. So today's problem is that as data is harvested and stored, this data has a life span. So if you think of things like banking information, military secrets, health care information, others, they could need to last 25, 50, even 75 years secure. But if we have a quantum computer online, let's say, in 5 or 7 years, or sooner, and it takes a while to upgrade as well, you're looking at that data, having exposure from 20 to 30 to 40 years. So that value is there. This upgrade cycle is going to go across the world. So in other words, all of the cryptography we use has to be upgraded, and this is up to 20 billion devices as well. That's why this problem is immense. Now the U.S. is not standing still. In December, Biden signed a law into effect, the Quantum Cybersecurity Preparedness Act which now is mandating that federal -- all federal agencies start the upgrade process. They need to start assessing their cryptography for post-quantum vulnerabilities. Well, the assessment is going to be pretty straightforward because almost all public key encryption is vulnerable to post-quantum. So -- we can assure that. So -- but at least we have significant movement at federal level and now even at the commercial level. Next slide, please. Industry impact is huge, right? This is all asymmetric keys, which is, again, if you use the Internet, in fact, this exact session is using asymmetric keys. And if somebody is listening in, when they have quantum computer, they could decrypt the session and understand what it is. But we're looking at server systems. Of course, today, we're going to discuss satellite systems. You're looking at, IoT edge devices, billions of billions devices need to be upgraded, and we're finding more and more reports like McKinsey's report here that these are huge industries at risk for quantum attacks. So we are going to have to address this. Next slide, please. I'd like to hand over to Tom now to take us forward and start the presentation from the speakers. Thank you. Go ahead, Tom.

Thanks very much, Skip. Good overview. We'll go to the next slide. Accenture has been very focused for decades in space, maybe more quietly than some of the other leaders. But we are very active in space, including the security of space. We understand its growing importance. We have a great ecosystem of clients and partners that are ready to go take this to the next level. The need for space security can't be overstated right now. I'm going to go to the next slide. The focus is just changing dramatically. We're looking at going -- we're already in a highly congested space with 3,000 or so satellites in orbit. We're looking by the end of this decade to over 100,000 satellites in orbit. That becomes very congested. The other C word there is contested. We're already starting to see issues around contesting the viability of satellites in space. We've seen some of the attacks over the last couple of decades. One of the more recent ones was an attack on a company during the Russian invasion of Ukraine because these satellites are being used in all sorts of ways. So as we see space becoming more contested -- more congested and some of the changes that are happening in addition are going from a silo-based approach where you just -- you put up your satellite, you have your ground station and you send back and forth messages, that's one set of issues. But once now we're moving towards a mesh network in space, where satellites will talk to other satellites, will share information, will share workloads as they go forward. That changes the whole need for security in space. And as Skip mentioned in his opening, one of the things we're seeing around Steal Now Decrypt Later are areas where you need your equipment and your software and your data to stay secure for some number of years going into the future. There's very few companies that are building and launching and operating satellites today. They don't plan on having them be viable over the next 5 or 10 years. And so making sure that they have the right security in space, and you've got -- in the U.S., we've got the White House and Space Force with strong quotes about how essential this is to our way of life. The same thing in Europe, the European Union noting that space has become a strategic domain for all sorts of industries here on earth. So making sure -- is the reason Accenture is involved, making sure that we're doing the very best the world can do in terms of putting the right security into space. That's what we're all about. That's what we're focused on. We'll go to the next slide. So here are some of the things that keep us up at night that we spend time focusing on with our clients. This move from silos to mesh operations in space it's become very real already, and it's become -- going to become massively critical going forward. So when you put something in space, it's going to, by and large, talk to other things that are already in space, and we're going to need to make sure that the security can handle something like that. The threats are compounded in space. We have a much greater threat from nature. Things like sunspots and other things that happen in space much more regularly than they do on the ground. We also have threats now from other satellites moving into your orbit and perhaps feeling things or looking at things or doing other things. And then the threats from the ground stations, which are becoming multipurpose. So you're looking at multi-tenants, where you have some governments use and some private sector use sharing ground stations. All of this just screams out for new and improved security at every level. LEO, low earth orbit satellite, certainly were the quantity of satellites are and will be over the next few years, but also geosynchronous satellites, which we rely on for everything in our lives position, navigation, timing and all sorts of things that we're needing to have stay working. And then finally, this is the year that we really opened up the lunar surface -- the whole cislunar approach starting to send -- private companies sending up things to be built and manufactured on the surface of the moon. All of this tells us that there's a new security norm that's coming in space. And that from Accenture's perspective, we need to work with the best technologies and get them in a way that they can be delivered straight away. Next. So spaces is contested, congested. It's also highly competitive. There may be groups that are not our adversaries, but they are our competitors. And so you're going to look at companies competing against other companies in space and making sure that they have the best chance to win vulnerabilities. Obviously, we've talked on some of that. There's no strong international security norms in the space. We have them on the South Pole, but we don't yet have them in space where we have a lot more activity. Some of the things we've already seen over the past few decades, uplink jamming, down jamming, eavesdropping, but also command intrusion causing satellites to burn up. Denial-of-service attacks, service [ booping ], hijacking. All of these things are real, limited basis, but very real and demonstrable. Going forward, we're looking at organizations creating RF jammers, being able to do all sorts of kinetic things against satellites as we go forward. So there's a lot going on in all 3 of these areas, LEO, GEO and Lunar, as we go forward. So security, again, it's tough in space, but it's about to get a lot tougher. This is the decade that we really need to buckle down and make sure that what we are putting up -- what we're adding to space has a way to defend itself from cyberattacks from -- whether they're coming from ground or from neighbors in space. Next. So we at Accenture are very focused on bringing post-quantum encryption into the mainstream. We have this 8-step strategy that works on ground, works with our clients all over the world, where we start with helping them build a post-quantum encryption strategy, helping them figure out how to discover, what's going on in their enterprise so that they know what needs to be fixed and when, then figuring out the new architectures to go to. There's a number of varieties that we work with, but public key encryption and crypto agility are certainly the leader of the pack right now and then we continue to test the roll out. When we look at this in space, none of this changes, but it becomes even more important because you can't go up and send a repairman into space. Once you launch, you launch. So being able to demonstrate that we can put post-quantum encryption and crypto agility into orbit, into low earth orbit, into geosynchronous orbit and make sure it can work. Going forward, we think is really a huge step forward for where we are as a civilization and something that the reason we wanted to participate in QuSecure's webinar today is to demonstrate that this is something that is for everybody, whether you have something in space today or you just rely on space tomorrow. Next. All right. With that, let me turn it over to Aaron and we'll take questions at the end.

Thanks for that, Tom. So we can go to the next slide. Thanks. So infrastructure-wise, if you look at both the ground segment, space segment, launch segment, wherever in the life cycle of the space enterprise, you have risks, obviously, lots of challenges. Tom talked about a number of them. One of the other big ones that we've got, obviously, is that we've got a lot of legacy birds in space that are still being used for a variety of vital missions supporting IoT devices around the globe, point of sales, in the retail sector, military offloading comms onto commercial infrastructure. Anyway, a lot of those old birds were put up there without a lot of mind for security. So there are vulnerabilities in them. There are supply chain risks, there are software risks, a number of things that can go wrong in space and also on the ground. Lots of ground challenges. So all of the legacy IT people, especially in the government and I'm guilty of it also having sort of 2.5 years of doing this and running very large ground sites, we're very reluctant to migrate to new technologies because what we have worked and currently works, but unfortunately, a lot of it has attack surfaces that are exposed to new things that are being brought into the environment through the supply chain or otherwise. So we have to look at our legacy both in space and both on the ground, especially on how we manage these ground sites and how we manage operations and processing on the spacecraft itself. So next slide. So we've got a lot of history. And you look at this and say, well, look, there's only 5 attacks since 1998, that's not a big threat. Well, this is public literature, right? A lot of things happen in space that are unacknowledged in terms of the threat that is going on both co-orbital threats as well as from the ground. So you have to just look at these and sit back and think about it a little bit more. It's like the NASDAQ, when you see the flash crash. Every once in a while, those flash crash happen, and they're not publicized. And there's a lot of reasons for that. Same thing in space. So what do we have now? We're setting up thousands of spacecraft relative to what we used to. And the increased complexity on those spacecrafts especially with reprogrammable payloads and hosted payloads and sensors on a spacecraft bus that is relatively archaic. If you want to look at it, we're still using 1553 buses. We're still using a lot of CAN bus protocols, polling protocols, a variety of things and the operating systems that run those platforms, they're pretty old. And there are a lot of known vulnerabilities in them. That doesn't even touch on what's being introduced into them through the utilization of commercial technologies and standards. The rush to space to get new sensors, new data to the users has made a lot of people take a lot of risks that the government in the past have seen unnecessary. But because you can make money on it, there's a lot -- a big rush to get these sensors into space without regard to the supply chain that supports those. There's a lot of consolidation of civil and military ground station networks. That's just to make the utilization of what is out there in order to move data more rapidly to sites around the globe. That's also a problem with our shared ground site. NASA has many shared ground sites with other countries in order to do their mission set. So you're bringing in all of these new things that the space community has not been used to for many years, and it's increased our attack surface. So next slide. So what we've tried to do is look at ways in which we could ameliorate those threats. And a lot of it has to do with Zero Trust architectures. I'm sure many of you on this call have heard those crypto agility, can I move back and forth between algorithms as one becomes compromised, but I still want to maintain a secure session. We want to be able to use open source validated algorithms whenever possible to reduce the threat or the attack surface on that software. And then, of course, we want to have the ability to easily integrate it into operations. So what we have got here is the need for an end-to-end solution that's strong, safe established, and you can see these other things that are on there. With control planes, ready deployment and attack detection after defense. Next slide. So in the spacecraft itself, if you look at it, and there's a lot of architectures that you can build internally. For the spacecraft components and subsystems, there's federated architectures, modular architectures, you can go on and on and on. But they all bring different challenges to them. You can try to secure your -- the inside operations of the satellite itself through spatial-temporal mechanisms. But what we're trying to look at is cryptographically separate payload processing from the onboard computer that manages all of the necessary systems for the spacecraft to function. The way it is today, there is a lot of exchange data between subsystems that needs to be looked at very directly and potentially secured through cryptographic means as well as memory being secured cryptographically in case of use by other actors that are on the vehicle itself. So this isn't just inside the vehicle that's co-orbital threat included in this. Next slide. But the big one for the space enterprise is really on the ground. So if you look at the picture behind me, that's ground site that I was the chief engineer at in [indiscernible] in Yorkshire, England, a very large site. You can see we have a lot of ground antennas. We had to -- and hundreds and hundreds of processing systems. But the ground side itself is managed separately than the operational systems. And how that ground site works with its power distribution, the cooling, the heat, all of those things impact. How well we can actually perform mission operations. And then within the mission area itself, you have segmented regions for different functions. Each of those have to interact. How they interact? You guessed it, asymmetric encryption, they use PKI, TLS-1.2, 1.3. In a lot of cases, they're using X.509 certificates. All of these things can be easily broken by an attacker that got inside of these sites. And we're pretty hardened, I would admit that. But if they do get in, it could be catastrophic. On the far right is the antenna systems themselves, the ground terminals, and those have a variety of known terminal vulnerabilities, lots of them are very critical. So you have an end-to-end problem in the space enterprise. Now I'm not even going to get into the launch segment because that's a whole different issue in and of itself. But from ground to space and back, a lot of things need to be secured, and we see that being secured through cryptographic maintenance, especially post-quantum. Next slide. So how we're doing it is we have a post-quantum cryptographic environment that uses algorithms approved by NIST. We have the ability to insert post-quantum cryptographic tunnels or tunnel within TLS and other current legacy protocols, and we have the ability to protect the core networks themselves against cyberattacks in the quantum sense. So all of this is an all-encompassing upgrade to managing post-quantum protection. And with that background, I'll hand it over to Kris Schehr. Next slide, who'll talk to you about our current experimentation that we've done in order to try and secure this entire end-to-end enterprise. Thanks.

Thanks, Aaron. Next slide, please. The team has talked about the large concepts, the large problems and where we're going. What I'll be talking about is how we've actually implemented some experiments to prove that we can do this. So in recent times, QuSecure with partners like Accenture that went through, and we've performed a multiorbital quantum secure layer, quantum resilient links through space. And I'll be laying out how we did that, what those experiments involved and where that leads. So initially -- the first set of experiments were creating a web server and sensor at a remote location. So this will be an example of a remote sensing location much like if we had a radar location that was remote that needed to do an uplink of data from it. That system operated in a typical Quark's operating system with the Quark's web server and a Quark's data source feed. That led into a QSL tunnel that we built through LEO in that example, Starlink terminal, down through into QuEverywhere cloud that tied in over the Internet, who'll allow that secure communications. So QSL link, web server remote, quantum-resilient link that's protecting that. Now the other side of that is now we've got to use that needs to access a secure environment within whatever infrastructure they're in. That could be commercial or that could be government, but we need a quantum-resilient link between that. That's what we did in partnership with Accenture through GEO. And so that was a GEO terminal spinning up an extensible from the remote side that GEO terminal information interface, and then accessing that from a Quark's user device running chrome. This is all using QuEverywhere. So the key takeaways on this is we wrapped the QSL tunnel. Inside the QSL tunnel, we had TLS and a typical web path. Outside the TLS tunnel or outside QSL tunnel, we had both a link that was TLS as well as an IPsec VPN. These were both tested to be analogous type 1 encryptors you see out in the world. The takeaway is that multiple different layers can be placed on these. All of them can be ran over existing infrastructure. If we've got IP connectivity, we can generally do a QSL link whether that's over a GEO, LEO in type or processing. We're moving this from here to there, and we're enhancing it analogous to an upgrade to TLS, that's now quantum-resilient. Next, we're going to be having Meg talk to you about some of the user interface and experience with that solution.

Thanks so much, Kris. It is wonderful to be with you all today. Let me take a couple of minutes to share with you a tool that we here at QuSecure leverage to help people reimagine their cybersecurity posture. But before we jump in, I want to level set for a moment on 2 key paradigm shifts that we have to address when considering the threat of quantum computers. The first one being [ 1 key 1 crypto ] and the second being that security by way of a single algorithm no longer will service in the future. So as we consider these challenges in preparing for post-quantum, we also see that there is a huge opportunity for us to explore new tools that can empower both security and business leaders alike with meaningful insights and controls. Controls that make crypto-agility a reality and ultimately enable greater cyber resilience capabilities for organizations. So for a moment, let's step into the shoes of a network or system administer and considering not so far our future, where we have a dashboard like this one at our finger tips. And at a moment's notice, you can see that your QuProtect system is up and running and that sessions are being protected. You can watch in real time as keys are generated and used to create sessions, enabling new understanding of where and how your organization and your customers are sharing information. Next slide. Next, let's consider the possibility that you can define many different policies that control the way cryptography works within your networks. Here you can see a couple of examples. In this next slide, we can see that as we open up a policy for editing, you're presented with many options to easily configure important controls. A few of the controls, I don't want to point out here are key rotation. You can see that there are a couple of durations that are recommended that ensure that you're using multiple keys rather than a single key for increased security. We also can see over on the right that you have control to enable or disable fallback to TLS, allowing you to align the way that your end users experience works with your particular organization's risk posture. And in the next slide, we can see that with a simple click, crypto agility is no longer a concept but rather a capability at your fingertips and you can use this tool to select which algorithm you want to use to encrypt your sensitive data, be it the NIST standard post-quantum algorithm as recommended here or any of the 3 additional finalists. So very simply, crypto-agility is attained, allowing you to select the post-quantum algorithm that serves you best and recognizing that these will change into the future giving you flexibility to adapt. Next slide, please. Now consider the ability to add and manage and monitor clients to ensure that they are functioning post-quantum safe connections to all end devices. In this example, we can see that we have a couple of proxies on servers that are up and running. We've got an app that's up and running browser-based there. And then 2 satellites. We've got our LEO satellite, which is connected with our GEO satellite on standby. Now if something were to change, you will not have to wait. You can see in real time as things update, so you're not left in a reactive mode, but rather proactive. Next slide. So in this simulated threat demonstration, we see that something has changed. Our LEO satellite has now disconnected, and the GEO satellite that was previously on standby is now up and running. And it's a little bit more than this. You can see the threat is changed, but there is more information to be shared. So if we see the next slide, we get information from our active threat intelligence over, letting us know what happened here. You get the sense that a threat was detected with the LEO satellite and preemptively due to a predefined policy, it was disconnected. And as a remediation effort, a failover policy from LEO to GEO was implemented, bringing that GEO satellite back online. And in the next slide, we can see that you can gain even more insights into this type of threat and information on key indicators of compromise when it connects to tools like Accenture's IntelGraph. I hope you've enjoyed this demonstration and see the possibilities for how you can reimagine your cryptographic policies and clients and see that we at QuSecure are working to put the information and tools into hands of security leaders to protect your critical data into the future. Thanks so much. I'll pass it back to Skip for Q&A.

Great. Thank you, Meg, and thanks to all of our presenters today, Tom, Aaron, Kris, Meg fantastic. Hopefully, this was good. We have some questions now. And there's a first -- one of the first questions was, will we have a recording of this available? Yes. If you check our website by end of week, we'll have the recording up, so feel free to share this with your co-workers and others, and we'll -- we should have that by Friday. Okay. We have some questions here. So let's start with this one. Scott says, would love to hear more about QuSecure's QKD implementation. Aaron, why don't you grab this one, terrestrial only at the kind of part were you using at the endpoints and what's the max operating distance today. I know it's -- we're using post-quantum cyber versus QKD, but go ahead, Aaron.

Yes. So we are a software implementation. We do not rely on QKD as such. The quantum parts of our solution include the quantum random number generator card that we use to develop the entropy -- to create entropy to develop the keys that we then use for the encryption process. So it's a PCIe card, it draws about 80 watts. We also have a software harnessed. So that we're not tied to that particular quantum random number generator. We can use whatever is on the market. It's just a matter of building the drivers or using the drivers in our system, similar to the algorithms. We're on a software harness that we can add or take off algorithms as necessary. So our solution is a software solution, not the QKD implementation.

Yes. So that is -- what Aaron is saying is quantum key distribution uses entanglement, it's very hardware-intensive, it's still being proven. It's a wonderful form of security because entanglement is truly a subatomic property that cannot be broken but it's not ready. And especially for satellite space, satellites would have to go up with this hardware, and I know that's a big investment and a lot to do. There have been companies that have started, gotten funded to do that and have been -- stopped that exercise due to the risk and the rest of it. Let's keep going on some questions here. Tom, I've got one for you. How long in your estimation before a quantum computer with enough power is online to crack encryption.

What's interesting, it was just a second question that came up instead of the first question that always arises, which is the magic number of when. We don't know. Nobody knows exactly. What I'd point to is the group that knows the most, which is the U.S. federal government, that's the best insight into what our adversaries are doing. It's the best insight in terms of what our science and technology groups are doing and understands the -- both the vulnerability to existing networks and the complexity and the time it's required to actually make a change to something like this. They're the ones that are saying, go, go now. So even in the latest, I guess, earlier this month, the White House's new National Strategy for Cybersecurity came out with paragraphs on quantum computing. And they said, for the U.S. government, you must start now. And the last paragraph was, and for everybody else that's in a critical sector, we really recommend you follow along. So again, having done this a few times in a row, I can tell you, it's not trivial to make a change to discover where your vulnerable encryption is and to come up with the new architecture and then to go out and make the changes. When we did this as a society a while back, when we went from DES to the next -- to the AES, it was about a decade to really get everybody moved over and even still there are stragglers that are just in [ triple DES ], don't you worry. This is a big problem, and that's why at Accenture, we're working with our clients around the world for them to get started now. Regardless of where that is in their journey, but at least understand the problem with strategy, at least start to discover where your vulnerabilities are, apply them to your risk matrix. And then you can sort of see what you need to put into your 5-year plan and when -- and I think that's -- right now, it's a fiduciary responsibility for organizations around the world.

Great. Thank you, Tom. Next one, I'll ask Kris and Aaron to jump in on this. Jeff asked a question about how receptive are satellite manufacturers to retrofitting your software into current operating satellites and then installing new satellites during manufacture.

So I'm not at liberty right now to mention the exact companies, but we are working with a couple of very large satellite providers in both LEO and GEO to do just that. They're very interested in it because they see the danger that is their customers are exposed to as well as their own enterprise. So they're very receptive at this moment.

And a key data point that you pulled on there in your question is the looking at retrofitting areas where we can take existing resources that are on orbit and through software patches or through unique subsystems allowing to the quantum resilience without requiring a new launch is a specific interest.

Okay. And I would even add, Kris, and Tom, for the test that we did on LEO and GEO, no changes to any of the satellites -- sorry, in flight satellites, correct?

Yes. So we can secure current satellites, the uplink as well as the downlink or cross-links. We can tunnel, as Kris touched on inside SSL, TLS, what have you. The way our system works is that we grab the data that your application produces, we encrypt it and then we hand it off to the communications or subsystems. They can then encrypt over it and then modulate it and send it out. So we do not affect the current architecture whatsoever. There is some latency. We -- the test that Kris showed you, the demonstration from Maryland to Colorado, to LEO and back was 136 milliseconds. So our overhead is not massive. There is a little bit, as you would expect, for a more advanced cryptographic algorithm, but it is not debilitating in any sense of the word.

And the fact that this was done with software using birds that are already in the air, I thought was really important as a thing that we wanted to demonstrate the vast majority of things that need to be protected exist today. And so there's some that are being launched this year, some will be launched next year that are currently in the build phase. But right now, the way to defend them against at least the Steal Now Decrypt Later types of approaches for sensitive types of missions, that exists now. We demonstrated that just with software -- just with the software push. And as we go forward, there's lots of more interesting additional things that are able to be done as we start to build more security into the things that are going to be flying -- like I said before, we're going to go from 3,000 to 100,000 things in the air over the rest of this decade. And also importantly, they're coming from a very big variety of vendors. So it used to be NASA and SpaceX and that was it. There is our marketplace. Now we're looking at literally hundreds of companies that are involved in this space ecosystem that are launching things over the next couple of years. Finding ways for them to be secure is really critical. And the best way to do that right now is to add crypto agility into their mix. So that no matter what happens tomorrow, they can click a button, as you saw on Meg's mockup, click a button and automatically switch to the right encryption algorithm. So a lot of capability today. And then we are also at Accenture very interested in proving out the quantum key distribution capabilities, both on earth and in space over time. But in terms of what we can to protect today, we believe that a software implementation of crypto agility goes a very far away into defending space.

Thank you, Tom, Kris, Aaron. Tom, you're right. I mean if you think about how many satellites are going up, this is really one of the few ways that these could all be protected as the software has to scale and has to be easily distributable. Let's talk about crypto agility for a second. Aaron, you mentioned that earlier -- maybe explained that. there's a question on this that says, please explain crypto agility. Does it include the agility to switch between existing crypto and quantum? Are you speaking of just the quantum algorithms.

It includes both. So we can fall back to existing crypto algorithms as well as the different flavors of the post-quantum resilient algorithms. But it also goes a little bit beyond that because we can manage the number of bits in the keys like Megan was talking about in the control plane. So if you want to go from 128 to 256, that's fine. We can -- our control plane allows that. Key rotation policies so we can roll keys. In fact, we can produce up to 60,000 post-quantum resilient keys a second. That's pretty good. So we have that ability inside the control plane to allow those policies to go forward. Another part of crypto agility is a lot of the hardware that's in your systems may not be able to process certain links of keys. So you may want to have a post-quantum resilient algorithm, for example, where we're using Kyber, while there's 3 flavors of Kyber, 128, 256, 512. And you might want to only use the 128-bit key link because your hardware constraints require that. So you can still be post quantum on an older processor. The other thing we talked about a little bit about the latency in that link. But if you look at this, they've done studies with these algorithms that show you're talking for encryption and decryption operations on the CPU is about 11 to 13 milliseconds depending on the bit length of the key that you're trying to process. And that was done on a Cortex 4 168 millihertz processor. A lot of the processors in space like BAE RAD 750 they run up to 200 megahertz. So can you run it on old hardened processors? Absolutely. So that's all part of crypto agility too. We're not just looking at the algorithm movement, we're looking at how the infrastructure plays, how the policy works and all of the various things.

And Skip, if I can just add 1 more perspective on Aaron's good explanation. One of the things that Meg showed in sort of the art of the possible section is something that we're working on here at Accenture, which is really tying in the proactivity of crypto agility. It's not just a matter of, oh, my goodness, something happens, let's switch to something else. We think we can tie in indicators of compromise to come out of the better threat systems around the world. So that if you start to see anything that would indicate a potential compromise, you have the ability to, with the press of a button or just with setting your policy to automatically rotate to a more defensible position with your algorithm, your choice of key length and pretty much every aspect of cryptography. So we think that's something that's also going to be very important, especially for large organizations that are looking at a wide variety of threats. We've seen where indicators of compromise have come up relative to satellites and the satellite operators that said, "Oh, well, nothing I can do. We want to get past that as a society and give them something they can do better defend themselves.

Thanks, Tom. Yes, one more thing on crypto agility as well is, with the NIST algorithms, this is new math. And we've already seen that some of the algorithms that we're nearing finalist level were already hacked, one was [indiscernible] was hacked with a laptop about 30 minutes. So because of how new these are, they need to be proved out. So crypto agility is key, the ability to continually switch to things that will work for the organization even and as a precursor like Tom said. Kris, for you, question is, do you see anything different with these communications -- quantum communications between LEO, MEO, and GEO orbits, is there anything to think about there?

We need to keep in mind the additional latency we have by the pure geographical transfer rates as well as the geometries of in-orbits are a function. However, those are classic problems that we're sorting out on any communication link. So the quantum-resilient communications on there beyond just keeping in mind and making sure our windows handle the additional latency which we have designed for. I don't expect it to be a major problem.

Great. Thank you. Some more questions have come up now. There's a question about a virtual desk. I'll give that to Aaron maybe or Tom. I'm not sure the virtual desk is, but it says what's the best way when the network itself has been hacked. I'll leave that or Kris, maybe that's good for you.

So we do keep our command control and I'm a little vague on the virtual desk, too. So please have additional detail in the chat if I missed you on this. But we keep our command control separate from the channel that would be attacked. So our data payload channel is separate from the command control channel. Therefore, attacks that are identified on the production traffic flow can be related through that secondary channel.

Great. Thank you on that. [ Nino ] says we need to start 5 years ago, Accenture great solutions. Yes, thank you. That's fantastic. Okay. Let's keep going, another one from Lowell, and I'd say this for Aaron and Kris. With respect to space, do you have cybersecurity concerns related to compute speeds being impacted by gravity and general relativity.

Well, I'm going to lean on [indiscernible] if he's got the better theoretical physics on that, but I can tell you that we've definitely done testing with variations in compute speed, including during compute flow for just general green aspects. And so those will be much more macro than I'd expect to see from relativistic effects. So I don't see any large concerns there today. Aaron Moore over to you.

No, not today anyway. Maybe if we get out past Mars or some place then we'd have to provide.

Great. Aaron, probably for you and Kris as a backup. There's a question we answered partially before about securing existing satellites downlinks and inter-satellite links with QSL. There's a question there. Is it done through software upgrades from the ground, which I'll let you guys answer. Then there's a follow-on [indiscernible] and any hardware necessary to support that.

So yes, we do -- well, we have to add our software to the system in order to build the quantum secure layer as well as generate the keys. The -- as I mentioned, the only piece of hardware in our solution is a QRNG card, and that's to provide us with enough entropy to generate a post-quantum secure or resilient key, but that's really the only hardware we operate with. For the management system itself, it's classical, regular [indiscernible] server. So it's nothing that you don't have already probably in your data center or on your ground site that our software would be able to be put into. And the only thing I'd add to that is if we get an [ ARM core ] present, it's even easier to port over to some of these on-orbit solutions.

Just to highlight, the QRNG that [ Emma ] mentions is the quantum random number generator capability that is a piece of hardware that needs to be available. It doesn't always need to be available directly in your ground station, but it needs to be available to the ground station.

Thank you, Tom. Let's see Kris and Aaron. Has there been progress converging cyber and electronic warfare space-based satellites?

Feel free to hit us on the good channel. and I'll discuss that.

Yes, maybe Byron if you drop e-mail in there, we'll address you on that one. That would be great. Tom, another question for you. Can you cover the first steps we should think about when considering how to upgrade to [indiscernible].

Yes. There's a lot that goes in. What we do traditionally is we start just by asking the same questions that these organizations are already getting asked. Is it real? Does it affect me? What I do about it? How much it would cost to do it? How long will it take? When do I have to start? Getting to those questions to really help build a consensus around the organization's post-quantum strategy is really important. You can't really jump the line. You have to have thought through what your strategy is going to be, who's in charge, what is the organizational metrics look like? How are you going to do it. Then you get into the discovery phase, so you understand the enormity of your problem. Then you can get into an architecture phase where you can try and figure out what's the best way, maybe we wait for this. So we work on that. I do have a lot of people who come up and say, well, until NIST is done, I'm just going to do nothing. And crypto agility gives you an alternative that's much safer today, which is to put in the best the world has today and the ability to automatically rotate it into tomorrow. So those are the steps that we focus on, on our initial strategy phase. It doesn't take that long to go through, work with the client, what they have and where they're headed. But then we have a very detailed plan of action that an organization can take with them that. It will help them figure out what discovery looks like. And only then can they put that into their 5-year plan of what should we do first, what should we do second.

Great. Tom, thank you. And I would add what Tom said, with QuSecure, we're focused on being able to have the stackers compatibility so you keep the existing cryptography, whether it's in the network, it's through satellites to the edge, it doesn't matter in all states. And then QuSecure provides an extra layer of quantum protection with the existing encryption still in place. So it's a double layer of protection, which is important because you're not having to take out in risk the old encryption. You leave it there and you add to it, and that's where we're trying to get these communications secured. So we are at the hour. I want to thank everybody for joining today. Thanks so much for joining us on this track here. I wanted to thank our wonderful panelist speakers today for all of the great insight. Any follow-up necessary, if anyone wants to get to us to have further, e-mail address is on the screen. You can send me an e-mail, I'll make sure we route it to the right folks. And we have more webinars coming up. We'll be announcing one soon. Thank you so much. This will be available end of week on our website. Thanks again, everybody.