Learn About Quantum – Now!
Are you ready for Quantum computing? When a speaker left the stage of a recent conference, I was hit with the daunting reality of how far behind I was in understanding this technology that could completely disrupt and transform everything we all know as our current reality. The more I investigated, the more concerned I became that our government and tech industry is not investing nearly enough resources to own this space. The National Quantum Initiative Act and National Security Memoranda 8 and 10 have been driving the government effort, including collaboration between NSA, NIST, and CISA to prepare new security platforms for post-quantum. However, the immense scale of the risk is one that needs a ”moonshot” approach instead of our current posture.
What is quantum and how does quantum computing work?
Quantum computing is a special type of computing that uses tiny particles called "qubits" instead of regular computer bits to do calculations. Quantum qubits can be in a state of “superposition” where, unlike regular computer bits that are limited to being a 1 or 0, they can be both at the same time! It's like if you were playing a game of "heads or tails", but instead of just flipping a coin and getting either heads or tails, you could get both heads and tails at the same time. Or, as the speaker described – regular computers can be ice or water, quantum computers can be ice, water, and water vapor all at the same time.
Another interesting thing about qubits is something called "entanglement". This is when two qubits become linked in a special way, so that whatever happens to one qubit also happens to the other qubit, no matter how far apart they are. It's like if you had two magic coins that were somehow connected, and no matter where you flipped one coin, the other coin would always land the same way. By using these special qubits and entanglement, quantum computers can do some types of calculations much faster than regular computers. This is really useful for things like breaking codes or doing complicated simulations that regular computers can't handle.
Have you heard of the name Peter Shor? Peter Shor is a mathematician (fun fact: and actress Angela Lansbury’s husband) and computer scientist who developed Shor's Algorithm, a quantum algorithm that can factor large numbers exponentially faster than any known classical algorithm. Peter Shor's work on quantum computing has significant implications for RSA encryption technology, widely-used encryption method that relies on the fact that factoring large numbers into primes is very difficult for classical computers. Any former government people remember those gray RSA key-fobs with the number that changed every few seconds we used to log into our work computers? ?Well, Shor's algorithm can factor large numbers exponentially faster than any known classical algorithm, which means that it could potentially break the RSA encryption those key-fobs utilize.
How big is the risk?
RSA’s encryption uses numbers that are thousands of digits long, which would make it theoretically possible but reasonably impossible to break with a modern computer. Quantum speeds up that process so much that these protections created by encryption disappear. It’s the difference between it taking 100 years to break an encrypted code versus 100 seconds. That’s every password, every firewall, every encrypted chat room and text message – on every public, private, government, academic, commercial, and military device in the World that uses RSA encryption. Imagine the risks to financial systems, critical infrastructure (electric grid, transportation, telecommunications), cryptocurrency that uses blockchain, university and government R&D, etc. if these cybersecurity protections were suddenly made obsolete.
While such a quantum computer doesn’t exist yet, it is common knowledge in the tech and national security community that China and number of other adversaries are investing significant funding and manpower to building such a capability.
The significant threat to the security of RA encryption from Shor's algorithm has prompted researchers to explore new encryption methods that are resistant to quantum attacks. The development of post-quantum cryptography, which is designed to be resistant to attacks by quantum computers, is an active area of research in response to this threat.
领英推荐
That’s where the National Quantum Initiative Act (NQIA) of 2018 and those National Security Memoranda come in. The objective is to accelerate the development of quantum technologies and ensuring that the U.S. remains a leader in this field. The NQIA provides funding for R&D for developing quantum technologies and establishes a National Quantum Initiative Program to coordinate these efforts and to train a diverse workforce in quantum information science and tech. NSA, NIST, and CISA are conducting advanced quantum research programs, developing quantum standards and measurements, and developing strategies to protect critical infrastructure against cyber threats powered by quantum computing.
What can you do and when should you do it?
EVERY organization needs to develop a quantum action plan NOW, as a part of their comprehensive cybersecurity strategy.
First, you must know what you have. This is the greatest challenge for a company or organization, because IT systems are often built as-needed and are a vast spiderweb of individual, but connected, systems. Regardless, organizations must get a good understanding of their cryptographic status. What types of data are we encrypting? What encryption algorithms are we currently using? Who has access to the encrypted data? How are the encryption keys being managed and stored? Are we using any outdated or vulnerable encryption technologies? What are our encryption policies and procedures? Have we ever experienced any encryption-related incidents or vulnerabilities? Have we conducted any recent security assessments or audits related to our encryption practices? Are there any upcoming changes or updates to encryption standards that we need to be aware of?
Second, they need to prioritize their systems based on importance, risk/vulnerability level of the security, and sensitivity of the data. Most organizations have limited resources and cannot secure everything equally. Prioritizing cybersecurity systems based on risk, sensitivity, and importance ensures that the most important and sensitive systems are secured first, reducing the overall cost of cybersecurity by focusing on the areas that matter the most, and helps organizations take a proactive approach by identifying and addressing vulnerabilities before they can cause damage to critical systems and data.
Finally, they need to develop a comprehensive plan that includes specific requirements and budget estimates for dedicated funding. This cannot be a one-off. The significant shift in computing power that will be the “norm” post-quantum means the threat vector is not just wider, but accelerating at an unimaginable pace. Developing a comprehensive cybersecurity plan that includes specific requirements for post-quantum cryptography helps organizations future-proof their security and protect their data from potential quantum attacks. Developing budget estimates for dedicated funding helps organizations allocate resources appropriately and ensure that they have the necessary resources to implement and maintain post-quantum cryptography solutions. This can help avoid cost overruns and ensure that the necessary security measures are in place to protect critical data. For governments and public sector contractors, there is the additional complication of cybersecurity compliance requirements and potential penalties for non-compliance.
###
?
?About:
Nigel Stephens is the Founder and Principal of Phoenix Strategies, a full-spectrum government relations, lobbying, policy and political strategy firm. For over 25 years, he has worked in the U.S. House of Representatives and U.S. Senate, on political campaigns, and in the private sector to drive initiatives around innovation and IT modernization, small business and entrepreneurship, minority business development, modernizing government, and economic development.