On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act, which encourages federal government agencies to adopt technology that protects against quantum computing attacks.
The act does not yet mandate any new standards or give a fixed time frame for switching away from any algorithms currently used, so it is more of a reminder than a regulation.
Why would the USA, a country that is audaciously cryptic about its sensitive (government and defence) information, make such a move?
The message is loud and clear: the US government does not want any Q-Day scenario.
We can be fairly certain that the US has invested in the best encryption technology to secure its data. But, they understand the power of quantum computers in breaching cybersecurity. Hence, this move!
The act marks a major milestone in the global effort to develop and deploy quantum-resilient cybersecurity. All countries need to take note. It has become imperative to defend against the coming quantum computing threat since it takes significant effort and years to upgrade existing government and commercial technology and cryptography.
The act mentions that Congress finds cryptography essential for national security and the functioning of the economy and notes the potential risks posed by “harvest now, decrypt later” attacks.
The thought behind the Act
According to the Quantum Alliance Initiative (2021), the US could incur a cost of over $3 trillion in damages in the event of a quantum attack. Quantum attacks on the monetary transactions of a US financial institution alone could cost $2 trillion.
A quantum computer is also capable of breaking communication sessions and taking control of transaction sessions midstream. The threat to sensitive data of the future is more alarming than losing the security of past data.
In a nutshell, the consequences of quantum attacks on finance, healthcare, manufacturing, logistics, and infrastructure industries are too large to ignore.
The US has made a calculated and informed decision to roll out this act.
To summarise, the premise behind passing this act is:
- Cryptography is essential for the national security of the United States and the functioning of the economy of the United States.
- The widespread encryption protocols today rely on the computational limits of classical computers to provide cybersecurity.
- Quantum computers might one day have the ability to push computational boundaries, allowing us to solve problems that have been intractable thus far, such as integer factorization, which is important for encryption.
- The rapid progress of quantum computing suggests the potential for adversaries of the United States to steal sensitive encrypted data today using classical computers and wait until sufficiently powerful quantum systems are available to decrypt it.
Congress senses that,
- a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and
- a government-wide and industry-wide approach to post-quantum cryptography should prioritise developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility.
What should you infer?
‘Cryptographic agility’ are golden words in an uncertain digital world.
It means that you should not only be able to switch algorithms, change key sizes, or adjust algorithm parameters quickly but also do so safely, possibly at short notice. The threat is not limited to the federal government. It also impacts the private sector as hackers look to steal customer data and intellectual property that fault-tolerant quantum computers can decrypt. The act serves as a cue to the private sector to begin preparing for this massive new cybersecurity challenge.
The key takeaway is to keep yourself cryptographically nimble even if a sudden quantum computing breakthrough does not happen. You do not want to risk your data by missing the opportunity to upgrade.
As it is said, “Cybersecurity is a journey, not a destination.”
How can QNu help?
QNu Labs is a pioneer in developing products that proactively secure data for the post-quantum era.
QNu's range of quantum-based products covers security from end-to-end across the entire data-based paraphernalia. From quantum-based encryptions to entropy enhancement services, QNu covers all security bases.
It is time to use quantum cryptography against quantum-powered attacks.
