President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement measures that would mitigate risks posed by quantum computers to US national cyber security. The NSM outlines the risks of cryptanalytically relevant quantum computers (CRQC), such as their likely ability to break current public-key cryptography. More information: https://www.bleepingcomputer.com/news/security/white-house-prepare-for-cryptography-cracking-quantum-computers/
It is encouraging to see, but no surprise, that President Biden is taking steps to ensure the US is ready for quantum computing and the impact it could have upon the cybersecurity landscape. While quantum computing promises unprecedented speed and power, it also poses new risks. As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications. Modern encryption methods are specifically designed so that decoding them would take so long that they are practically unbreakable. Quantum computers change this thinking. These machines are far more powerful than classical computers and should be able to break these codes with ease. Many cyber threat actors are now also operating under the mindset – “harvest now, decrypt later” – making the need to protect our data NOW all the more important.
With all this in mind, it is imperative that organisations start to prepare a post-quantum cybersecurity strategy sooner rather than later. This includes auditing systems to identify “quantum vulnerable” systems / processes / datasets. I hope that President Biden’s memorandum will encourage organisations to take this threat seriously. Only then will they be able to leverage the transformative power of quantum computing without increasing their security risk posture.
This is a great, proactive, further step in preparing the U.S. for the threats from sufficiently capable quantum computers. While no one, at least publicly, knows when the threat of quantum computers will be realised, we all know that it is sooner rather than later. Most quantum experts put the eventuality of quantum computers breaking much of today’s cryptography at 10 years or less. I do not think anyone would be shocked if it happened in five years or less. Me, personally, I think we are talking only a few years. The question is if we and the rest of the world will be ready…and have quantum-resistant cryptography and systems in place before the quantum cryptographic break happens? Every single company in the world should right now be preparing to convert their systems to quantum-resistant protections. They need to start with taking an inventory of what important data is protected by what quantum cryptography and key sizes. Just that process alone will likely take most companies half a year to years to do right. They need to start NOW! And almost no company is doing anything. Most are not even aware of the coming problem at all. It is a problem. It is a growing problem as the clock continues to tick down to when the quantum threat becomes a realised problem. President Biden is taking a good step in declaring, “Get going!”. But how many people are listening and understanding?
One big complication is the so-called post-quantum cryptography solutions that everyone will need to move to when they become standards because they have suffered some catastrophic setbacks in the last few weeks. The National Institute of Standards and Technology, NIST, was due to announce the new global post-quantum standards at the end of last year or the first quarter of this year. And literally days to a few weeks before they were to announce the three post-quantum cryptography standards that the world was going to use going forward, two of the three were announced as broken. It was good that they were caught and weeded out before they became official standards, but being caught so late in the process…literally days to a few weeks before they were announced as what we were to use…has caused a seismic trust issue with the process. And the only post-quantum encryption cipher to survive is fairly old and very inefficient as compared to the other candidates. No one wanted it to be what we had to use, but it is what we have got. The last-minute disqualifications have made many wonder if we can trust any of the announced new post-quantum standards. The fear is they, too, will be discovered to provide inadequate protection to quantum attacks, but after the whole world has gone through the great pain of migrating to them. That is why, whatever post-quantum cryptography we are told are the new standards and migrate to, all organisations and vendors should work to make their solutions “crypto-agile”; meaning if a new replacement cryptographic algorithm is needed, it can be replaced with the least amount of effort. Right now, to replace our cryptographic standards requires a very heavy lift, often complete replacement of the hardware and software involved. A crypto-agile environment would just need to install the new ciphers and not a new everything.
So, at the same time as everyone is pushing to ready themselves for the post-quantum world, as it is called, they need to be pushing to make their environments crypto-agile and force all vendors to develop and deliver more crypto-agile solutions. Being crypto-agile is probably even more important than being quantum-resistant for the long-run efficiency of the world. One protects you against the coming quantum attacks and the other better protects you against every future cryptographic threat possible…of which a quantum threat is only one.
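As an added illustration of the crypto-agility the comment above describes (not code from the page or from any of the commenters), the sketch below tags every protected record with an algorithm id and keeps a suite registry, so retiring a suite that is found to be broken and installing its replacement changes one table and re-protects existing records rather than replacing the data format or the software around it. The suites, key and records are constructed for the demonstration, and HMAC stands in for whatever cipher an organisation actually deploys.

```python
import hmac
import struct

# Registry of protection suites, keyed by a 1-byte algorithm id that travels
# with every record. Installing a suite is a registry entry, not a new format.
# Suite names and ids are constructed for this demonstration.
SUITES = {1: {"name": "HMAC-SHA256", "hash": "sha256", "tag_len": 32}}
RETIRED = set()  # ids that may still be verified but never used for new records
KEY = b"constructed-demo-key-not-for-production"  # constructed sample key


def register_suite(alg_id, name, hash_name, tag_len):
    """Install a replacement suite; records under older suites stay readable."""
    SUITES[alg_id] = {"name": name, "hash": hash_name, "tag_len": tag_len}


def protect(key, payload, alg_id):
    """Return alg_id || payload || tag, with the tag covering the id too."""
    suite = SUITES[alg_id]
    if alg_id in RETIRED:
        raise ValueError(f"{suite['name']} is retired for new records")
    header = struct.pack("B", alg_id)
    tag = hmac.new(key, header + payload, suite["hash"]).digest()[: suite["tag_len"]]
    return header + payload + tag


def verify(key, record):
    """Check a record under whichever suite produced it; return (payload, alg_id)."""
    alg_id = record[0]
    suite = SUITES.get(alg_id)
    if suite is None:
        raise ValueError(f"unknown suite id {alg_id}")
    body, tag = record[: -suite["tag_len"]], record[-suite["tag_len"]:]
    expected = hmac.new(key, body, suite["hash"]).digest()[: suite["tag_len"]]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return body[1:], alg_id


def migrate(key, record, new_alg_id):
    """Re-protect a verified legacy record under the replacement suite."""
    payload, _ = verify(key, record)
    return protect(key, payload, new_alg_id)


def demo():
    """Protect under suite 1, learn suite 1 is broken, install suite 2, migrate."""
    old = protect(KEY, b"customer record 42", 1)
    register_suite(2, "HMAC-SHA3-256", "sha3_256", 32)  # the replacement
    RETIRED.add(1)                                       # stop issuing under suite 1
    payload, old_id = verify(KEY, old)                   # legacy data still readable
    new_payload, new_id = verify(KEY, migrate(KEY, old, 2))
    assert payload == new_payload
    return payload, old_id, new_id
```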
The federal government is asking academic institutions, research institutions, government agencies, and regional governments to begin coordinating to anticipate and mitigate the threat that quantum computing poses to traditional encryption. While it can take unrealistically long times for traditional computers to attack currently recommended encryption algorithms, quantum computers are expected to be able to break such encryption in trivial amounts of time. This means that when quantum computing leaves the lab, all currently encrypted data will be vulnerable to confidentiality breaches. This is another step on the march of progress. In my career, I have seen MD5 hashing go from recommended to obsolete due to advances in computing. The same is true for SHA-1. I’ve also seen SSL 1-3 and several TLS versions become obsolete due to exploitable or potentially exploitable weaknesses which prevent their use in protecting sensitive data. Advances in quantum computing will do the same for everything out there now. In 2024, NIST will coordinate with the NSA and NSS to release technical standards for quantum‑resistant cryptography to define the next generation of encryption. This is something that should be followed very closely by companies who release devices that rely on un-patchable encryption into the field. If the operating lifespan of these devices overlaps with operational quantum computers, they will have massive confidentiality vulnerabilities that cannot be patched. Everyone else will have to continue to upgrade encryption as directed, and legacy devices and applications that cannot be upgraded shouldn’t be trusted with sensitive data after that point.