In a recent interview with Bloomberg News, outgoing chief data officer of the U.S. Department of Defense, David Spirk, called for the Pentagon to track efforts and develop targeted strategies now to defend against the future threat posed by the advanced technological capabilities of quantum computers, or “super computers.” "I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of computers that, when it arrives, is going to be a pretty shocking moment to industry and government alike."
Quantum Computing sounds like the stuff of science fiction. Isn’t it too far in the future to worry about? Why are top cyber security officials so alarmed about quantum computing as the next big cyber threat? Because although the use of artificial intelligence and machine learning is relatively well-known, the advanced technological capabilities of quantum computing remain a threatening unknown, so it’s difficult to predict the impact on cybersecurity.
What we do know is that current computers are capable of dealing with only one calculation or set of inputs at a time. Qubits, the powerhouse of quantum computers, can simultaneously solve multiple calculations with multiple inputs, changing the way online data is accessed, distributed, and stored. If systems fail to be predictive and functional because quantum computing can manage complex data more quickly, it enables hackers and other adversaries to solve mathematical problems at much faster speeds, unscrambling algorithms that underpin encryption protocols. Our most private information – financial, medical, military – becomes vulnerable. The ability of quantum computers to expose highly sensitive data is therefore potentially disastrous and will radically transform cybersecurity protocols. A new threat calls for a new generation of quantum-resistant encryption algorithms to avoid potential catastrophic security breaches.
Although there are currently no quantum computers able to manage the massive number of qubits needed to perform the factoring required to crack current security, in as little as 10 to 20 years, this could change – the question is, how quickly?
"The best way to put it is we're beyond a research product, but we're not at a commercial product," said Jack Poller, analyst at Enterprise Strategy Group, a division of TechTarget. “A lot of the work is being done at universities and research think tanks. IBM and other big companies are investing in it. Quantum computing requires tens and hundreds of millions of dollars in investments."
Some pioneers of the physics of quantum computing, like Sankar Das Sarma, are fairly dismissive that the applications for the technology will be here anytime soon. He compared it to trying to make today’s best smartphones using vacuum tubes from the early 1900s. You can put 100 tubes together and establish the principle that if you could somehow get 10 billion of them to work together in a coherent, seamless manner, you could achieve all kinds of miracles. What, however, is missing is the breakthrough of integrated circuits and CPUs leading to smartphones—it took 60 years of very difficult engineering to go from the invention of transistors to the smartphone with no new physics involved in the process.
Joe Altepeter, who manages DARPA’s new quantum project, told Bloomberg there was a lot of “hype” over industry claims about the arrival of quantum computing, with several “hardware miracles” still standing in the way. Some of the smartest physicists he knew were divided over whether useful quantum computing would ever exist, Altepeter said, adding that the risk was such that it was important to develop resilient systems.
However, those detractors were not in evidence with The Pentagon's latest annual report to Congress on China's military power which stated that China is "at or near the lead on numerous science fields," including AI and quantum. In short, this nascent technology, if developed at predicted speeds, could compromise the encryption systems that protect American secrets and introduce a new class of cyber criminals and hackers. According to the National Security Agency, this adversarial use of a quantum computer could prove “devastating” to the country’s security systems, particularly given that it may take 20 or more years to develop cryptography that resists this code cracking, even though quantum computing is expected to be prevalent as early as 2030. The threat is very real, the stakes are high, and according to cybersecurity experts, it will be here sooner than we think.
Now that the threat of quantum computing has appeared on the radar of top officials across industries and government, real-time solutions and cryptographic resources are rapidly developing to address the potential risks. In addition to a January presidential memo demanding that agencies establish a strategic timeline to transition to cryptography that is quantum resistant, and with clear warnings from Spirks and other experts, the National Institute of Standards and Technology (NIST) has launched a global competition to develop a reliable and resilient “post-quantum algorithm.” This is the first big task; once a workable solution is found, the Department of Defense will then face the extraordinary task of upgrading all software and hardware: this will impact servers and laptops, as well as submarines, tanks, helicopters, and weapons systems. These military applications might be less than a decade away.
There is still a great deal to learn and according to experts like Spirks, we cannot wait for 15-20 years for these resilient systems to be developed. Experts have advised that this timeline is too vague and not sufficiently accelerated, arguing that the Pentagon must work on a solution of “crypto-agility” now, following the lead of commercial vendors that are already exploring ways to use quantum-resistant cryptography to safeguard financial and health-care sectors.
If the U.S. doesn't make the right investments in defensive quantum today, "then our concepts around encryption, data security and cybersecurity will be obsolete because the computers will break our cryptography," Spirk said. He added that all the encrypted data that adversaries have already gathered would risk further exposure of additional sensitive data. Although we haven’t witnessed it fully operational yet, and the future of quantum computing is not yet known, the time to develop integrative and sophisticated crypto-resilient systems is now.
As hardware and software move into new fields such as AI and Quantum Computing, it puts more demands on the workplace and the workforce. The environment is changing; there are attacks on critical industries; there is a growing response from and collaboration by both industry and government to address these attacks. Obviously, cybersecurity training must continue to adapt going forward – moving to hybrid models that meet workers where they are, including both in person and virtual training, and improving the real-world scenarios to match the challenges we face.
CYRIN can help. CYRIN’s online interactive virtual training platform is designed to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 50 interactive labs where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks.
To meet the test, CYRIN is continuously evolving to stay abreast of the cyber “arms” race. We constantly add new courses and new tools to meet the existing challenges and new threats as they emerge.
But don’t take our word for it. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!