For a few years now, we’ve been hearing about quantum technology and what today’s supercomputers would take thousands of years to solve; quantum computers would get the job done in seconds.
The advances that will be made (through the use of quantum) in countless fields and industries will be astounding.
But in a recent article in Forbes, a cybersecurity expert expressed the following warning:
“To put it as clearly as possible, the first nefarious nation-state that brings a quantum computer online with enough power to crack encryption could have unprecedented global control at its fingertips.”
Quantum has not yet advanced enough to do that, but it is coming. Some experts estimate it could be up and running by 2030-2035.
This is serious business.
A recent article in The Economist also sounds the alarm about the threat Quantum then poses to your present encryption.
Here is a quote from the article:
“Quantum computers are still in development. But as they become more powerful and more reliable, they will pose a threat to how we transmit and store confidential data including bank transactions, sensitive government information and intellectual property.”
This, of course, is alarming because quantum could then decrypt the protections (encryption) you now have in place to prevent access to your IP.
That brings us to the term “Store Now—Decrypt Later,” otherwise known as “STEAL Now—Decrypt Later.”
Apparently, adversaries of all types are currently—meaning right now! — stealing IP that is protected by encryption.
One’s immediate reaction might be: What a waste of time. You can’t read anything. Why waste time collecting data you cannot read?
Why? Because bad actors are waiting for the day that quantum is developed enough for them to break your present-day encryption and decipher your data.
Here’s another quote from The Economist article that drives that point home:
“Criminal groups are targeting intellectual property and other kinds of data that will keep their value years from now when they decrypt it.
“This means that as quantum computers scale, there will be “submarine decryptions’’ of data troves that will surface unexpectedly, just like submarines in water.”
So, what are private and public entities to do? Just let bad actors get in and steal your IP in 10—15 years when quantum is fully developed.
No.
Countermeasures are now emerging to resist quantum from cracking your encryption, known as “Post Quantum Cryptography (PQC)”) (also called Quantum Resistant Cryptography.)
In 2016, the National Institute of Standards and Technology (NIST) looked into establishing standards for PQC and is actively overseeing a public competition to create quantum-safe algorithms.
And, without going into too much detail here, in December, U.S. President Joe Biden signed into law the “Quantum Computing Cybersecurity Preparedness Act,” which requires federal agencies to establish strategies to migrate to post-quantum cryptography.
What is the bottom line?
As noted in another recent cybersecurity article:
“As the volume of attacks continues to rise, some 35% of well-funded, highly sophisticated, state-sponsored attacks are directed not at other nations, but at the corporate enterprise, with intent to steal IP, disrupt supply chains, or infect infrastructure.
“Bad actors are everywhere, and come in many forms – countries, NGOs, rival firms, individual criminals, and activists. Use of SNDL is widespread among all these groups.
“The business implications of any breach are by now well understood – they always entail a direct impact on the bottom line, reputational damage, regulatory fines and other sanctions.”
FINAL THOUGHT
This should scream loud and clear to private entities that they should establish strategies to migrate to PQC before it is too late.
ADDITIONAL INFORMATION
The below six-minute video/interview with a RAND scientist concisely captures the current state of PQC research.
“Government working to prevent quantum computers from hacking all internet communications”
Disclaimer: IPProbe.Global is a service to the professional IP community. While every effort has been made to check the information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and is not intended to provide legal or other professional advice.