It’s rare that the two major political parties in the U.S. ever join together in a common cause in today’s extremely divided political landscape. However, one exception to their rigorous tradition of clinging tight to their polar opposite left and right agendas is to come together to ensure the U.S. maintains its technological leadership through the 21st century.
The main technological pillars that both sides often agree need their bipartisan support and effort include quantum technology, artificial intelligence (AI), and the restoration of domestic semiconductor manufacturing. The quantum arena in particular provides a double-edged sword of excitement and anxiety that grips the attention of those concerned with the future of the U.S. On one hand, quantum computing promises to open doors to otherwise impossible market advantages. On the other hand, it’s well known that in less than a decade quantum-powered cyberweaponry will likely be able to render our existing digital security defenses useless.
This year’s executive orders, national security memorandums and legislation reflect the government’s acute concern regarding the severe risks that quantum will create. With its mandate to transition to post quantum encryption systems, the message is clear—our current cyber defenses lag way behind the quantum computers that are now scaling to break through them. This has often been referred to as the “harvest now, decrypt later” problem—a problem that the National Institute of Standards and Technology (NIST) has been working to solve since 2016.
Both the Trump and Biden administrations have made efforts to advance this industry, beginning with the National Quantum Initiative, followed by a flurry of other directives, including an Executive order on Improving the Nation’s Cybersecurity, a Quantum Computing Cybersecurity Preparedness Act in Congress, a National Security Memorandum on promoting quantum security while mitigating its risks, and an Executive order to form a National Quantum Initiative Advisory Committee. On top of that, in early July 2022, NIST capped a multi-year process by announcing the Post Quantum Cryptography (PQC) finalists for standardization in the coming 18 to 24 months.
All of these form the foundation of cybersecurity for the next few decades and all U.S. government agencies must comply and produce a transition plan this year. This is a rare and somewhat alerting instance of the government leading the business community. It also recognizes the difficulties ahead and the long timelines required to achieve PQC-level security across a vastly larger and interconnected world.
Quantum is not a field evolving in a vacuum, and cybersecurity tooling is perhaps one of the most dismal failures in software at every level. Classical computers used for cryptanalysis continue to advance with AI, machine learning (ML), and other technologies to unveil decades-old flaws and spawn new advanced hacking techniques on a regular basis. One absolute has come from the intelligence community perspective and its deep knowledge of networks and infrastructure, they will always be able to find a way into any system, even if it’s air-gapped or otherwise. That means professional and nation-state sponsored cybercriminals will eventually figure it out too.
When it comes to your data, it’s not if it will be accessed or stolen, it’s when. Your last line of defense is quantum secure encryption. So, when it gets accessed or stolen, it will be useless and unexploitable by outside parties. In fact, stolen copies of your data might already be sitting on a server in China waiting for the time that quantum technology advances far enough to blast through the defenses of its traditional encryption.
Essentially, quantum computers are becoming the virtual nuclear weapons of cyber warfare, and the U.S. government is doing what it can to have defenses in place before it’s too late. Businesses need to follow the government’s lead with urgency to prevent themselves from becoming casualties of war before the fighting even begins. In other words, if you don’t start quantum encrypting your data today, you’re already a potential victim. You don’t have years to make sure you’re quantum protected. The only data safe from today’s harvest now and decrypt later attacks are those that are already quantum encrypted.
In fact, the directors of the FBI and MI5 have publicly stated that China’s intelligence apparatus is explicitly designed to steal intellectual property and put the U.S. and Western nations out of business. The private sector’s intelligence community describes the Chinese Communist Party as a kleptocracy, where stealing for economic gain is the norm. The situation is a bit ironic since U.S. Intelligence is forbidden from collecting information and providing it to U.S. companies for commercial gain or market edge.
The U.S. government has acknowledged cybersecurity as a national economic security imperative. That includes forcing its vendors to comply with its quantum security initiatives if they want to continue to do business for the government. More legislation and regulation is coming to compel the business community to protect themselves with PQC. Halfway through 2022, the government’s efforts are very promising and will ultimately benefit society.