In an opinion seen by EUROPE on Tuesday 7 June, the EU Council Security Committee (CSC) calls for strengthened governance of quantum key distribution (QKD) technologies that “appropriately” reflects the role and competences of Member States and the EU Council in approving cryptographic products.
On 22 February this year, the Security Committee was asked by the EU Council’s ‘Space’ Working Group to decide on a series of security-related issues (see EUROPE 12956/18, 12956/18). This Committee delivered its opinion on 25 May.
This opinion addresses four main issues: - the integration of the European Quantum Communication Infrastructure (EuroQCI); - the creation of EU classified information by the European Space Agency (ESA); - the issue of accreditation; - the competent authority for secure connectivity.
On the first issue, the Committee believes that quantum key distribution - the term for the quantum cryptographic protocol, a supposedly tamper-proof technology for exchanging secret information over a channel - can be covered by the Secure Connectivity constellation programme, but needs to be accompanied by enhanced governance that appropriately reflects the role and competences of Member States and the EU Council in approving cryptographic products, as set out in the Council’s security rules (Decision 2013/488/EU).
However, the Committee believes that this technology is unlikely to be mature by the end of the programme. It therefore proposes to amend the text to specify that QKD is “one of the other technologies” that could enable secure quantum cryptography.
The Committee supports the idea that post-quantum cryptography (i.e. technologies to protect against threats from quantum technologies) is a way forward to counter quantum threats. The key is to give a positive signal to the industry to continue to develop and invest in quantum resistor technologies, it says.
With regard to the publication of EU classified information (EUCI) by ESA, the Committee says that the 2008 EU-ESA agreement should be revised to introduce a dedicated provision for this type of information. For matters related to accreditation, the Committee rules that this should be the responsibility of the EU Space Programme Agency (EUSPA).
Finally, regarding the designation of the competent authority at national level responsible for secure connectivity, the opinion stresses that this is a national competence and recommends mobilising an existing authority rather than creating a new one.
To access the Committee’s opinion: https://aeur.eu/f/1z0 (Original version in French by Pascal Hansens)