The News: The U.S. Government has issued a national security memo addressing the threat and mitigation of quantum computing risks. The memo outlines plans for full-scale migration of vulnerable computer systems to quantum-resistant cryptography. Read the news from SecurityWeek here.
Quantum Computing Risks, Mitigation Plan Addressed in National Security Memo
Analyst Take: A new memo from the White House concerning national security issues surrounding quantum computing risks was recently released alongside a plan to advance U.S. leadership in quantum computing. Rapid advancements in quantum computing pose serious risks to civilian and military communications, critical infrastructure controls, and internet-based financial transactions, the memo notes. It warns of the significant economic and security concerns posed by increasingly sophisticated quantum computing capabilities before laying out an aggressive plan to mitigate those risks.
Quantum computers of sufficient size and power will have the ability to break the cryptography used in digital systems across the globe and cause significant disruptions in security. An all-hands-on-deck approach is necessary to prepare for and prevent quantum computing risks from becoming hugely destabilizing to governments, financial institutions, and others. The memo outlines deadlines and plans for migration to quantum-resistant technologies at all federal agencies ahead of similar efforts in the public sector.
Protecting Against Quantum Computing Risks
To begin the process of protecting against quantum computing risks, the memo directs the NSA and NIST to develop and publish new quantum-resistant cryptographic standards that will protect vulnerable systems against potential quantum attacks. These standards should be released publicly by 2024 and enable the kickoff of a multi-year quantum-migration campaign for government institutions as well as all critical sectors of the US economy.
An emphasis on developing cryptographic agility is vital to protecting against quantum computing risks, the memo warns. While crytographically-relevant quantum computers do not yet exist, there is a very real danger of “capture now, decrypt later” attacks in which an adversary could record and store encrypted information now for future analysis by a sufficiently advanced quantum computer. Open-source tools containing backstops to prevent this kind of attack are currently being developed.
The enormous possibilities enabled by quantum computing technology are incredibly exciting – but we must balance the upside by also acknowledging the risks that will likewise emerge in its wake. I’m glad to see federal agencies taking these concerns seriously and setting a proactive example for the public sector. Quantum computing risks will become very real in the not too distant future and the time to prepare is now.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.
Other insights from Futurum Research:
The Tech World Continues to React to Russia’s Attack on Ukraine
French Privacy Watchdog Finds Google Analytics Breaches GDPR
