3 reasons swift action is needed to prepare for a quantum cyberattack

In the pantheon of cybersecurity risks our federal government currently has on its plate, a quantum cyberattack may not be the immediate “front burner” issue.

In the pantheon of cybersecurity risks our federal government currently has on its plate, a quantum cyberattack may not be the immediate “front burner” issue. But it’s still a red-hot risk. Cryptographic algorithms secure everything from our industrial control systems to our national defenses to the entire U.S. financial system.

As our nation marks Cybersecurity Awareness Month in October, it’s the perfect time to highlight three reasons why swift action is needed by our federal government to mitigate this emerging threat:

#1: Quantum computing is evolving more quickly than expected.

The ability to use the states of subatomic particles to store information — quantum computing —is going mainstream far sooner than expected.

As a result of recent breakthroughs and high levels of funding, “we may see general-purpose quantum computers earlier than many would have anticipated just a few years ago,” according to MIT Technology Review. In fact, the market for quantum computing is expected to top $125 billion by 2030, a staggering 36.8% growth rate.

Issues around cryptographic security make this rapid pace of development a special cause for concern. Where it used to theoretically take 14 billion years of compute time to crack a cryptographic code, it now takes just five years — and that’s because a single individual discovered just one new algorithm.

New discoveries are happening in quantum all the time, at a rate that few had anticipated. When those discoveries are targeted at disrupting conventional cryptographic methods, alarm bells should be ringing across federal government.

#2: Our adversaries are heavily investing.

America’s global adversaries are aggressively investing in efforts to weaponize quantum computing.

Recent cryptographic-hacking claims from one of our adversaries, though largely disproven, point to an intense effort to leverage quantum for attacks against U.S. financial sector and critical infrastructure targets.

According to most experts in this field, the U.S. will most likely see a successful use of quantum computing to undermine our cryptographic protections within the next ten years. That gives the federal government a short window to prepare.

#3: We tend to drag our feet.

To adequately address the quantum threat, federal agencies need to address budgetary constraints, as well as with the sheer scale and complexity of the systems that need protecting. For one government agency alone, millions of endpoints will need to be hardened against quantum-cryptographic threats.

Federal agencies need to look to safeguard not just their information technology ecosystems, but an increasingly diverse landscape of operational technology resources, and manage increasingly complex supporting legacy and emergent cryptographic algorithms. All of that adds potential delays.

Faced with the kind of generational technology change represented by quantum, our federal government typically would need about a decade or longer to pivot.

What’s needed.

To ramp up protections, federal agencies should be inventorying and road-mapping the systems that need to be hardened. A range of guidance documents already are pushing them in this direction.

White House memoranda NSM-8 and NSM-10, for example, call for all federal agencies to assess uses of vulnerable cryptography in classified systems and develop a timeline to transition to quantum-resistant cryptography. Office of Management and Budget memo M-23-02 sets out new guidance to initiate the transition to post-quantum cryptography, and establishes guidelines to submit a cryptographic inventory.

Further and more specific guidance is expected soon from the National Institute of Standards and Technology. By undertaking rigorous self-scrutiny now, federal agencies can protect networks by enveloping them in an additional layer of cryptography, one that is not at risk from our adversaries’ quantum computers.

The good news.

Even as quantum computing poses new cyber threats, it also offers new opportunities for federal agencies.

The speed and scale of quantum-based calculations promises to drive new efficiencies across federal government, both in defense and civilian agencies. Quantum will power a new level of data analytics, giving civilian agencies faster and deeper insights into constituent trends. It will help defense agencies tackle logistical challenges with a speed and accuracy not found in classical computing. With increased funding and focus, which is already underway as evidenced by the National Quantum Initiative, the federal government is beginning to realize the opportunities that quantum presents.

While quantum computers cannot immediately pose a threat to our bedrock cryptographic systems, the U.S. government cannot afford to delay in addressing both the emerging opportunities and challenges. Quantum computing represents a real and significant threat to the cryptography that secures every important aspect of our national infrastructure. Our adversaries know this and are working around the clock to exploit our vulnerabilities. Swift action is needed.

Garland Garris is quantum security lead at Accenture Federal Services.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Getty Images/iStockphoto/djedzuratechnology trends 2024,

    Emergency management today: Quantum computing is a 21st century solution for 21st century problems

    Read more
    Amelia Brust/Federal News Network

    White House tells agencies to participate in post-quantum cryptography tests

    Read more