In the contemporary digital age, the convergence of Quantum Computing and Artificial Intelligence (AI) is reshaping the cyber landscape, introducing both unprecedented opportunities and potential vulnerabilities. This research, conducted over five years, delves into the cybersecurity implications of this convergence, with a particular focus on AI/Natural Language Processing (NLP) models and quantum cryptographic protocols, notably the BB84 method and specific NIST-approved algorithms. Utilising Python and C++ as primary computational tools, the study employs a “red teaming” approach, simulating potential cyber-attacks to assess the robustness of quantum security measures. Preliminary research over 12 months laid the groundwork, which this study seeks to expand upon, aiming to translate theoretical insights into actionable, real-world cybersecurity solutions. Located at the University of Oxford’s technology precinct, the research benefits from state-of-the-art infrastructure and a rich collaborative environment. The study’s overarching goal is to ensure that as the digital world transitions to quantum-enhanced operations, it remains resilient against AI-driven cyber threats. The research aims to foster a safer, quantum-ready digital future through iterative testing, feedback integration, and continuous improvement. The findings are intended for broad dissemination, ensuring that the knowledge benefits academia and the global community, emphasising the responsible and secure harnessing of quantum technology.
One of the most burning topics in cybersecurity in 2023 will undoubtedly be compliance with the Software Bill of Materials. Since the US president issued Executive Order 14028 on Improving the Nation’s Cybersecurity, software developers have prepared bills and transmitted them to vendors, customers, and users, who don’t know what to do with the reports they are getting. In addition, since software developers have identified the value of the Software Bill of Materials, they have been using the reports extensively. This article presents an estimate of 270 million requests per month, just from one popular tool to one vulnerability index. This number is expected to double every year and a half. This simple estimate explains the urgency for automating the process. We propose solutions based on artificial intelligence and machine learning, and we base our tools on the existing FAIR principles (Findable, Accessible, Interoperable, and Reusable). This methodology is supported with case study research and Grounded theory, for categorising data into axes, and for verifying the value of the tools with experts in the field. We showcase how to create and share Vulnerability Exploitability eXchange data, and automate the Software Bill of Materials compliance process with AI models and a unified computational framework combining solutions for the following problems: (1) the data utilisation problem, (2) the automation and scaling problem, (3) the naming problem, (4) the alignment problem, (5) the pedigree and provenance problem, and many other problems that are top of mind for many security engineers at present. The uptake of these findings will depend on collaborations with government and industry, and on the availability and the ease of use of automated tools.
The first cryptocurrency was invented in 2008/09, but the Blockchain-Web3 concept is still in its infancy, and the cyber risk is constantly changing. Our cybersecurity should also be adapting to these changes to ensure security of personal data and continuation of business for organisations. This review paper starts with a comparison of existing cybersecurity standards and regulations from the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) - ISO27001, followed by a discussion on more specific and recent standards and regulations, such as the Markets in Crypto-Assets Regulation (MiCA), Committee on Payments and Market Infrastructures and the International Organisation of Securities Commissions (CPMI-IOSCO), and more general cryptography and post-quantum cryptography, in the context of cybersecurity. These topics are followed up by a review of recent technical reports on cyber risk/security and a discussion on cloud security questions. Comparison of Blockchain cyber risk is also performed on the recent EU standards on cyber security, including European Cybersecurity Certification Scheme (EUCS) – cloud, and additional US standards – The National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS). The study includes a review of Blockchain endpoint security, and new technologies e.g., IoT. The research methodology applied is a review and case study analysing secondary data on cybersecurity. The research significance is the integration of knowledge from the United States (US), the European Union (EU), the United Kingdom (UK), and international standards and frameworks on cybersecurity that can be aligned to new Blockchain projects. The results show that cybersecurity standards are not designed in close cooperation between the two major western blocs - US and EU.
In addition, while the US is still leading in this area, the security standards for cryptocurrencies, internet-of-things, and blockchain technologies have not evolved as fast as the technologies have. The key finding from this study is that although the crypto market has grown into a multi-trillion industry, the crypto market has also lost over 70% since its peak, causing significant financial loss for individuals and corporations. Despite this significant impact on individuals and society, cybersecurity standards and financial governance regulations are still in their infancy.