‘Store now, decrypt later’: US leaders prep for quantum cryptography concerns

U.S. cybersecurity leaders said they are hard at work studying the systems and technology that can withstand an oncoming wave of quantum cryptography tools — which they believe will eventually be able to disrupt critical infrastructure and other important systems.

At the August meeting of the President’s National Security Telecommunications Advisory Committee (NSTAC) on Tuesday, National Cyber Director Harry Coker said the threat posed by quantum computing is “not just on the horizon.”

“It really is here now. Most actors are already using a ‘store now and break later’ [framework] with the intention to decrypt it once they have quantum capability,” he said. “This endangers not only our national secrets and future operations but also our economic prosperity as well as personal privacy.”

NSTAC is planning to conduct a study on how best to push the adoption and implementation of post quantum cryptographic services in both the public and private sector in advance of the emergence of quantum computers. The NSTAC will provide recommendations to the White House on how best to move forward.

For more than a decade, experts have warned of a cryptographically relevant quantum computer that could theoretically be capable of breaking the kind of encryption currently used to protect both corporate data and national security secrets. 

Most cryptographic systems currently rely on complicated mathematics that traditional computers are unable to parse while quantum computers would be able to handle more difficult computations. 

Many experts believe quantum computers will not be viable for at least another 10 years, prompting U.S. agencies to begin work on how best to protect critical systems. 

Coker said on Tuesday that several countries are already investing heavily in quantum computing research, including adversaries of the U.S. that seek to “gain strategic advantage and dominate privacy.”

The National Security Council’s Caitlin Clarke and Comcast Vice President Noopur Davis will lead the NSTAC study, and both argued that the U.S. has to be proactive about getting ahead of quantum computers.

“This is a hard problem. Past experience has shown that migrating to new encryption standards and our complex technology ecosystem can take years, if not decades, to implement,” Clarke said, touting the need for public-private partnerships. 

Davis added that the potential for quantum computers to break existing cryptographic systems “poses a significant threat to national security, economic security, network security and more” — warning that the computers could “jeopardize military and civilian communications, undermine critical infrastructure and compromise financial transactions.”

The proposed report will also cover awareness campaigns, potential policies and incentives the government can use to shift to quantum-resistant technologies.

Nitin Natarajan, deputy director for the Cybersecurity and Infrastructure Security Agency (CISA), added that his team is also looking at national critical infrastructure and assessing where the greatest risk resides in relation to post quantum cryptography. 

Their goal is to not only identify which industries will need federal support to transition to post quantum cryptography but also to inform organizations of the impact of quantum capabilities.

Two weeks ago, the U.S. National Institute of Standards and Technology (NIST) publicly released three encryption tools designed to protect information against a quantum computer — a milestone for computer science and cryptography.

The tools took eight years of work to develop and included instructions on how they can be incorporated into systems. 

Davis said part of the study will cover lessons learned from past technological transitions — citing the move to digital television transmissions as well as the Y2K bug and more — while analyzing other barriers to adoptions like cost and interoperability. 

“Addressing these threats to cryptography in collaboration between government and industry is not just a technological necessity, but a national imperative,” she said. 

“The federal government plans to lead by example, adopting [post quantum cryptography] across all critical systems and thus providing a roadmap for the private sector.”