In The Arena by TechArena - Protecting Against Quantum Cybersecurity Threats with Winbond
Episode Date: January 21, 2025In this In the Arena episode, Winbond’s Jun Kawaguchi discusses their industry-leading strategies for tackling next-gen cybersecurity threats, ensuring robust protection for the future. ...
Transcript
Discussion (0)
Welcome to the Tech Arena,
featuring authentic discussions between
tech's leading innovators and our host, Alison Klein.
Now, let's step into the arena.
Welcome in the arena.
My name is Alison Klein, and I am so delighted today to be
joined by Jun Kawagachi, Marketing Executive with Winbond. Welcome to the program, Jun. How are you
doing today? Very good. I'm glad to be here. Hopefully, I'll be able to share some of my
insights into the specific security markets. Yeah, and we're so excited to have Winbond on
the program. It's the first time that you've been on the show. And Winbon is known as a leader in the security arena.
Can you share a bit of your history in that arena and how Winbon came to the position that it's at today?
So Winbon has been one of the key flash memory suppliers into different segments, consumer, automotive, industrial, and so forth.
And they did make a decision to invest in the security segment
much earlier than our competition. So they've built up a family of products and also built up
some expertise in terms of solving different security needs in the markets. Now, the topic
today is around increased government regulation around the world and how that intercepts with security. Before we get
started into the technology details, can you just take a step back and provide us a perspective
across different markets on where we're at with government regulation? Sure. In the past, the
security aspect, it was not a great concern, let's say five years, 10 years ago. But especially recently, there's been a lot
of cyber attacks, either by individuals or like a state-sponsored organizations. And you might have
seen this on different media, right? Like a large-scale cyber attacks, infrastructure attacks,
and so forth. There's been an increasingly focus on making sure that the systems, whether it's individuals or corporations,
infrastructure, are well protected. Just recently, there was an article about the TP-Link. It is like
a commercial consumer routers that was compromised by a large number, like in the millions. And that
could be a great threat because adversaries can collectively harness these devices all over the world and then initiate an attack on some targets.
Now, obviously, this is a space that people watch very closely and is always going through a lot of dynamics in terms of changes of threats.
How do you see this threat landscape changing in 2025?
I think there's a lot more at stake. You've seen
infrastructure systems that's been deployed, and every day there's an attack or attempt to attack
these systems on a daily basis. So setting some kind of a guideline and requirements to make sure
that all of these systems are protected is important. As you can imagine, 20 years ago,
the personal computer was still very
new. Nobody really had the concept of putting an antivirus software on it. But today, I don't think
you could find a system without one, right? So we're in the same kind of situation with embedded
systems where there needs to be some kind of protection across the board.
Now, when you think about this threat landscape, one thing that comes to mind is that often people think of bad actors as individuals, but sometimes threats can come from nation states. And we've seen that play out in the news. How does that change the response and preparedness of different organizations to potential threats? Sure. So it's all about what is at stake. Individuals might do for fun, but then they get
old. Now, if the compromise does gain financially, politically, and so forth, then it is well worth
the effort and the expenses for the adversaries to do it. And then we're at the stage where there's
a great deal of risk and for the adversaries potentially a reward. So that's the situation.
And you've seen, especially in the recent year or two,
there's been so many conflicts around the world.
This is becoming even more of a concern.
Now, when you think about the impacts,
a lot of folks have focused on the consumer side of impact in terms of threats,
but there's obviously threats across business and consumer.
How do you look at that that and how do you see the
interplay between those two things? I think for one thing, individual or targeted attacks to
institutions, for example, banking systems, right, that have obviously returned for it.
But now with the state-sponsored adversaries, they don't really need to gain anything financially or
directly. But by damaging the target, that in itself is a reward.
So that's going to be a threat. In terms of actual attacks and then methods, it's always very
similar. You have a target systems, whether it be running standard kind of a PC type solution
embedded, but they're all connected. Typically an attack is done remotely through the internet,
of course, rather than a physical one, for example,
by entering in sight during the kind of mission possible type of scenario.
Nice. Now, I'm surprised we got this far into the interview without bringing up the topic of AI.
AI is obviously a very impactful tool in terms of doing a lot of good in the world, but it also has
an opportunity to give new capabilities to bad actors. How do
you see that impacting this space? AI basically would provide a new method and a scheme to make
an attack. So that's one aspect of it. Obviously, there's a lot of very talented adversaries
working to penetrate different systems, but using different AI techniques, and it can basically leverage and enhance their
techniques. On the other hand, as we see more AI being deployed, and AI involves a lot of learning,
and by learning means a lot of big data, and then data is a valuable thing. So there would be
another risk in terms of how to capture and then scale these vast databases of learning models.
Thank you so much for setting the landscape of the challenges present in our environment and what's coming.
How does Winbon address these with your solutions?
We've been offering different security solutions for some time, and typically this is for embedded
systems.
We're also developing a new solution, which is PQC or quantum safe. I'll talk a lot
about the quantum, but this certainly would give better protection, especially for the government
type infrastructure solutions, where once the system's installed, you might not upgrade the
system for another 10 years. And in 10 years, who knows what kind of an advanced computing
capability is available, right? So right now, the guideline is to be quantum safe because quantum computer is actually coming,
which is able to crack the conventional encryption fairly easily.
Now, when you think about quantum, and I'm glad that you brought it up,
the first use case that's being mentioned for quantum is crypto keys and keeping security safe from bad
actors tapping quantum computing. Why is that the case? So without going into too much detail on the
actual mechanics of quantum computing, quantum computer cannot entirely replace a conventional
PC, but it is very good in doing certain things. And one of the things they're good at is to decrypt and basically
crack an encryption. That's where the threat lies. Conventionally, when an encryption, it takes a
quote-unquote a lifetime of the universe to crack, and then that is considered safe enough. But
suddenly the lifetime has been accelerated a great deal with the quantum computer. So that's the
threat now. And then there are ways to protect
the systems from the quantum computer attacks. But once again, these security schemes need to
be deployed and the conventional encryption and security method may become obsolete very soon.
Now, how have you embedded an approach to solve this within your new solution?
Yeah, so there are different algorithms
in terms of making encryption. A lot of the conventional schemes are based on more of a
classical encryption, and that still is vulnerable to these new quantum techniques. There are
different algorithms, entirely different algorithms that is made to be more secure.
I won't go into too much detail because then that'll be a
course by itself. But yeah, there are different techniques and new techniques that can be deployed
to be more of a quantum safe. When you think about the market in 2025, who would be your
typical customer and what has the response been to the new solutions you've brought to market?
So many of the government systems, I think, are going to require a quantum safe security.
Financial systems, for obvious reasons, need the most stringent and the toughest encryption and security schemes as well.
So these are the two.
Another one is infrastructure, because once an infrastructure system gets deployed,
let's say a train control
system or like power control system, once it gets deployed, you won't upgrade the system for five,
10 years, right? 10 years or longer. Now what's going to happen 10 years from now? Is there going
to be a new encryption and decryption security crack methods? We don't know. So it's important to deploy the most secure method
today, even though you might consider an overkill at the time. You don't want it to be too late
because then redeploying is going to be very expensive. When you think about the portfolio
of solutions, you talked about embedded solutions. Why is it so important to have those solutions on
embedded equipment?
Because embedded systems will be deployed and in great numbers. For PC, you can have an OS update, for example, so then the entire system can be upgraded fairly uniformly. Embedded system,
you know, each system is unique and implementation is different. So this is some of the challenges.
And then if you compare to the standard PC systems, the embedded systems are deployed in much greater numbers.
For example, the infrastructure systems,
these might use a very specialized kind of hardware.
So this is where our secure memory, for example,
products can be deployed very effectively
without designing from the ground up.
Now, June, obviously 2025 just started.
You're heading into the year with a lot of
momentum. What can we look forward to from WinBond in 2025? And what are you excited about to see
in the broader market? So our secure solutions, we've made a recent announcement, but we do plan
to continue on with new product developments and new product announcements throughout the year.
We do offer probably the broadest live product line
on security memory products.
You can certainly expect for WinBond
to make more news throughout the year.
Thank you so much for sharing all of this exciting news,
as well as a great primer on the security landscape.
I really appreciated the conversation.
Where can folks find out more about WinBond
and the solutions we talked about today?
Certainly come visit our website and winbond.com.
There are dedicated sections on the secure memory.
So there's a lot of information you can access and learn from.
Awesome.
Thank you so much, June.
It was a real pleasure.
We'd love to have you back on in the near future.
Thank you.
Thanks for joining the Tech Arena. Subscribe and engage at our website,
thetecharena.net. All content is copyright by the Tech Arena.