Written by Susan M. Gordon, John Richardson and Mike Rogers
Cybersecurity is one of the top national security issues facing America. Right now, adversaries are conducting “store now, decrypt later,” or SNDL, attacks against the United States, in which they exfiltrate and store sensitive encrypted data critical to national security, critical infrastructure, businesses and more. The intention is to hold this stolen data until quantum computers are able to decrypt it.
At that time, the public key encryption algorithms that have protected our stored data, communications, financial transactions, networks, government secrets, intellectual property and other assets for nearly 50 years will become obsolete and the sensitive information they protected will be revealed. Any encrypted data that has already been stolen can no longer be protected. The danger is immediate.
It is imperative that US government agencies and private sector companies immediately begin migrating vulnerable cybersecurity protocols to post-quantum cryptography (PQC). PQC could protect this sensitive government and industry data from these cybersecurity attacks.
The government has taken positive action against this threat to national security. Recently, President Biden issued an Executive Order, along with two National Security Memoranda (NSM-8 and NSM-10) directing the United States to accelerate its quantum computing initiatives, including quantum-resistant cybersecurity. To that end, on July 12, the House of Representatives passed the Quantum Computing Cybersecurity Preparedness Act (HR7535) and that bill now awaits Senate consideration. The industry is ready to support the US government after Senate approval and US government implementation.
While a much-needed step in the right direction, the proposed legislation does not adequately address the current threat posed by SNDL attacks against vital government, military and infrastructure systems that rely on current public key cryptography. Much of the encrypted data will remain sensitive for decades. Once this data has been exfiltrated, nothing can be done to prevent it from being exploited by adversaries. PQC protocols can protect against SNDL attacks, but the process of migrating to PQC will be long – we need to start now.
NIST has released the first four of its planned PQC algorithms, and major global banks, telecoms, healthcare providers, and other companies have already begun transitioning to PQC. Given the complexity of federal computer networks, the PQC vulnerability assessment process alone will take several months.
The Office of Management and Budget, which helps the President meet policy, budget, management, and regulatory requirements, could make funds available now to allow the federal government to begin assessing current crypto uses and developing migration strategies, pending approval of legislation. And agencies and organizations must take the necessary first fundamental steps of this transition – in particular taking stock of their networks to understand what they have and making a risk-based assessment of their protection priorities – to ensure that they are ready when the standards are established and funding is available.
As former defense and intelligence officers, we can bear witness to what is at stake as the world enters the quantum age. The current SNDL attacks pose an existential threat to our government, military, and commercial enterprises, as well as to the prosperity, privacy, and security of our citizens.
Washington should vigorously strive to become the dominant power in quantum information science. This includes starting the PQC business migration process immediately. We cannot afford to fall behind.
Former Senior Deputy Director of National Intelligence Susan M. Gordon is a former senior intelligence official and renowned expert in strategy, innovation and leadership. Gordon advises on technology, space, cybersecurity and global security. Gordon was the second-highest-ranking officer in the U.S. Intelligence Community serving as Principal Deputy Director of National Intelligence from 2017-2019. She serves on several advisory boards including CACI International, E3/Sentinel, Pallas Advisors, Primer.AI and Draper Richards Kaplan Foundation. Gordon is also an advisor to SandboxAQ.
Admiral John Richardson served 37 years in the United States Navy, completing his service as Chief of Naval Operations (CNO), the Navy’s senior officer. Since retiring, he has served on the boards of several large corporations and works in leadership development. While in the Navy, Richardson served in the submarine force. He commanded the USS HONOLULU attack submarine in Pearl Harbor, Hawaii, for which he received the Vice Admiral James Bond Stockdale Inspirational Leadership Award. Richardson is also an advisor to SandboxAQ.
Mike Rogers retired from the US Navy in 2018 after nearly 37 years of naval service, rising to the rank of four-star Admiral. He culminated his career with a four-year tour as Commander of US Cyber Command and Director of the National Security Agency. In these roles, he worked with leaders of the US Government, DoD, and US intelligence community as well as their international counterparts in the conduct of cyber and intelligence activities around the world. Admiral Rogers currently supports private sector companies, either as a member of various boards of directors or as a senior advisor. Rogers also serves as an advisor to SandboxAQ.