In the digital knowledge economy, as the value of information increases so does the importance of maintaining the security of that information. Business, the state and society are becoming ever more dependent on electronic information exchange such as email and the internet, but with that dependency comes the danger of complacency.

It is vital therefore that we recognise not only the efficiency and productivity that electronic communication can deliver, but also stay alert and mindful of the potential risks. The Cambridge-MIT Institute is funding collaborative projects and initiatives to catalyse the cross-sector collaboration required if new secure applications such quantum cryptography are to be commercially exploited, and if new security threats such as denial of service attacks are to be contained.

Securing Information Exchange

The Cambridge-MIT Institute and Thales, a market leader in the process of information security, began collaborating in 2005 to establish whether a different approach is needed to tackle the growing security threats faced by business and society. The Internet Security Group has since brought together senior representatives from business, academia and government for a wide-ranging exploration of the potential for a coordinated tri-partite approach to information security. Participating organisations have included GCHQ, the Cabinet Office, and the Association of Payment Clearing Service (APACS). Together with other participating organisations, this group has been considering how electronic information exchange fits into their organisation’s business model, and the impact that a breach in security could have both in terms of financial impact and consumer confidence.

Combating Internet Crime

Criminal activity on the internet is proving difficult for traditional law enforcement agencies to monitor and police. In 2004, the Cambridge-MIT Institute founded the Communications Research Network (CRN), to map and shape the future communications industry. The Network has since spun-out from the Cambridge-MIT Institute as a not-for-profit company, limited by guarantee. One of the CRN’s portfolio of working groups is devoted to Critical Infrastructure Protection. It brings together equipment vendors, network operators, end-users, industry technologists and academic researchers to consider the extent of the internet’s security problems, the economic and operational effects, and anticipate the next big threat.

The group has been working collaboratively on identifying ways to combat Denial of Service (DoS) attacks, where networks and systems are brought down by a flood of emails. The emails are sent by computers with security failures that, unknown to their owners, have allowed criminals operating on the net to install malicious software and take control. Estimates of the number of computers used in this way vary, but most tend to range in the tens of millions. The scale of the resulting DoS attacks is also notoriously difficult to assess, because many attacks are simply not reported because the organisations that fall victim fear transparency on their part may undermine client confidence in their security.

One of the Communications Research Network’s key recommendations is for the establishment of a central database where companies and individuals can log internet criminal activity anonymously, thereby allowing the communications industry, regulators and law enforcement agencies to assess the scale of the problem and identify patterns of attack. "Criminal activity on the internet should be a notifiable event, with anonymous registration on a central database," says CRN Chairman, David Cleevely. "It's important to remember that there are more of us good guys than there are bad guys. The more we share information between us, the more we stay ahead of the game."

Standards for Secure Communication

The development of large, efficient markets for new technologies is predicated on standards that protect buyers and sellers of equipment and services, and also lower the barriers to market entry by subsequent innovators. Quantum cryptography - an emerging technology for secure data communication and the most commercially mature quantum application - will soon need to conform to existing higher-level standards. However, as yet there are no widely accepted standards for either the quantum cryptographic network, nor for the protocols that underpin data security.

The Cambridge-MIT Institute has been funding quantum research since 2002, and in 2005 built on that research by founding the Quantum Technologies Group (QTG). This transatlantic community of pioneering academics and industrial technologists have recently collaborated with the US National Institute for Standards and Technology to convene a cross-sector group to identify industry standards for quantum information processing – essential to the future commercial prospects of this revolutionary new technology. Participating organisations include Toshiba, Hitachi, Quantum Information Partners, Thales, the Department of Trade and Industry and MagiQ.