Quantum-Safe Cryptography Gets Presidential Boost

A future theoretical threat to cybersecurity is now being taken more seriously following the signing of legislation by President Biden that encourages federal government agencies to adopt technology that is protected from decryption by quantum computing platforms.

The concern is that data that has been encrypted using algorithms that these platforms can crack is being collected today by nation-states and others for use at a later future time. The Federal government is worried that state secrets that are thought to be safe today because they are encrypted will fall into the wrong hands. Of course, the same concern applied to intellectual property. Data describing, for example, a secret formula might be decrypted using a quantum computer that could then be shared with potential rivals.

The value of intellectual property being stolen is already measured in trillions of dollars, so an issue that is already increasing international tensions is likely to be further exacerbated.

The Quantum Computing Cybersecurity Preparedness Act requires the Office of Management and Budget to prioritize the funding of IT systems that use post-quantum cryptography. It mandates also that the White House create guidance for federal agencies to assess critical systems one year after the National Institute of Standards and Technology (NIST) issues forthcoming post-quantum cryptography standards.

At its most fundamental level, rather than working with bits, a quantum computer employs particles in the form of qubits that can be in superposition; in other words, they can take the value of 0, 1 or both simultaneously. The capability will enable quantum computing platforms to crack encryption schemes such as AES, RSA, or ECDSA that have been widely used to encrypt data. Organizations will either need to replace the encryption technologies employed in those legacy applications or replace those applications altogether.

Cybersecurity teams should also be advising their application developers to implement encryption going forward in a way that is more easily upgradable because it’s clear encryption algorithms will be evolving as NIST moves toward establishing a standard for algorithms that are deemed to be quantum safe.

Quantum computers are already being used for less nefarious purposes. Ford Motor Company just revealed it is using quantum computers to research the development of more efficient batteries for electric vehicles. Cybersecurity teams should assume that many governments around the world are already making these platforms available to espionage services around the world, especially as the cost of storing encrypted data for long periods of time continues to drop.

It's, of course, challenging to get business leaders to appreciate the severity of a future threat but now that government agencies are being required to act it might be easier for cybersecurity professionals to make a case to modernize encryption. Few members of a board of directors are going to want potentially embarrassing revelations that could materially impact the value of an organization ever coming to light or, worse still, find themselves subject to blackmail. As the maxim states when it comes to cybersecurity, it is always to be safer today than much sorrier tomorrow.