Kicking the quantum cybersecurity can down the road my be a potentially devastating delay tactic, a team of cybersecurity experts and quantum information scientists warn.
While current quantum computers may not be a threat to data now, a new Booz Allen Hamilton report is suggesting that hackers, particularly Chinese hackers, could steal encrypted data now and then use quantum computers to hack those messages in the future.
“While quantum may not pose a direct threat to most organizations for at least a decade, deploying certain critical mitigations like post-quantum encryption will also likely take at least a decade,” Booz Allen’s Head of Strategic Cyber Threat Intelligence Nate Beach-Westmoreland told Nextgov. “This demands that strategies be developed and resources be aligned now in order to prepare.”
According to the report, experts predict that spies will likely steal data that could be used to feed quantum simulations. While the chances are small that quantum computers can break current generation encryption before 2030, certain encrypted data which will retain value over time — such as biometric markers, covert source identities, Social Security numbers, and weapons’ designs — could be stolen now with aims to eventually decrypt it using next-generation quantum computers.
The report states that the trajectory of quantum computing research and development suggests that while the practical uses of devices are limited today, in the coming decades “quantum computers will likely revolutionize numerous industries—from pharmaceuticals to materials science—and eventually undermine all popular current public-key encryption methods, and plausibly boost the speed and power of artificial intelligence (AI).”
The report covers the state of quantum-computing maturity globally and possible quantum-computing uses and their development timeframes. It particularly calls out the development of China as a major player in quantum computing and assesses the influence of the uses on Chinese threat activity.
According to the report: “Many organizational leaders and chief information security officers (CISO) lack insight into the practical importance of quantum computing and how to manage related risks. They don’t know how and when the technology might become useful—and how it might shape the behavior of threat actors such as China, a persistent cyber adversary of government and commercial organizations globally and a major developer of quantum-computing technology.”
Duncan Jones, head of quantum cybersecurity for Cambridge Quantum, said the report was timely and should serve to alert businesses of the approaching disruptive possibilities — positive and negative — of quantum technology.
“China recognises data is cheap to store and vulnerable to quantum attacks in the future,” said Jones. “Companies who dismiss this threat as science fiction are taking an existential risk. We have to recognise quantum is here to stay, and embrace the positives and negatives this brings to cybersecurity.”
Cambridge Quantum (TQI: Cambridge Quantum) has been at the forefront of this quantum challenge, developing IronBridge, cryptographic key generation platform that employs quantum computers to generate quantum-enhanced cryptographic keys.
Booz Allen offers several tactics to manage the risks associated with quantum computers’ influence on Chinese cyber threats. Company experts recommend conducting threat modeling to assess changes to organizational risk and developing an organizational strategy for deploying post-quantum encryption. They add that educating personnel and staying informed is another crucial tactic.
Booz Allen gathered information and wrote the report during a multi-month collaborative effort, Beach-Westmoreland told NextGov. The collaboration included the firm’s experts in threat intelligence, cybersecurity risk management and quantum information science.
“Each perspective complemented each other,” he told the magazine. “Quantum scientists cut through the hype and confusion around what quantum computing will enable and when that might happen. Threat analysts identified how different quantum computing capabilities might be used to further Chinese national security, internal security, and economic priorities. Risk advisors saw the actions senior leaders in the government and private sector should be taking now to respond to these threats and future uncertainty, while also seizing on greenfield opportunities.”