How the US can avert a 'quantum catastrophe'
- By Susan Miller
- Apr 10, 2020
Researchers at the RAND Corporation called the threat to classical encryption by advances in quantum computing “urgent but manageable” and offered recommendations to government and industry leaders.
In a new report, Securing Communications in the Quantum Computing Age, RAND analysts assessed how quickly quantum computers are likely to be developed, when postquantum cryptography standards can be developed to withstand attacks by quantum computers and the timeline for wide adoption of PQC.
The authors said the possibility of quantum computers undermining current encryption is roughly 15 years away, but risks increase if PQC is not in place by that time. Additionally, there is a “retroactive risk” to currently encrypted information, which will become vulnerable when today’s encryption standards fail in the face of quantum-powered code breakers. Lack of consumer awareness about the risks posed by quantum computing suggests that government should drive the required policy changes, they said.
“[W]e judge the threat to be urgent,” the authors wrote. “There is little to no margin of safety for beginning the migration to PQC. The vulnerability presented by quantum computers will affect every government body, critical infrastructure, and industry sector. … This presents a national security threat that requires a centrally coordinated, whole-of-nation approach to risk mitigation.”
The report offers nine recommendations, addressed to the executive branch, Congress and individual organizations.
The White House should dedicate a coordinating body for prioritizing a national response and mandating PQC transition for government agencies, critical infrastructure and the companies in the government supply chain. Further, it should ensure all agencies are working across government and with industry partners to improve overall awareness of PQC, update guidance and make contingency plans. The report also called on the administration to minimize the number of algorithms the National Institute of Standards and Technology is evaluating for a post-quantum secure standard.
Congress should improve awareness through hearings and oversight and incentivize the move to PQC. Individual organizations should take stock of impending and retroactive risks, inventory their public key cryptography use and build cyber-resilience and cryptographic agility into their systems.
“If the United States acts in time, however, with appropriate policies, risk reduction measures, a whole-of-government approach, and a collective sense of urgency, it has an opportunity to build a future communications infrastructure that is as safe as or safer than the status quo,” the report said. “The United States has the solutions, the means, and, very likely, sufficient time to avert a quantum catastrophe and build a safer future, but only if it begins preparations now.”
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.