China may steal encrypted government data with ‘intelligence longevity’ now to decrypt with quantum computers later
(NextGov) Quantum technologies are altering the U.S. cyber threat landscape in serious ways and organizations should start acting now to ensure their infrastructure and data will be protected as the field evolves, according to a new report.
China, specifically, has become a major player in quantum computing and will likely soon collect encrypted American data in hopes to eventually decrypt it when the advanced quantum systems go into operation.
“Quantum computing is a rapidly evolving technology with far-reaching disruptive potential, and China is a leading developer of it,” Booze Allen Hamilton’s (BAH) Head of Strategic Cyber Threat Intelligence Nate Beach-Westmoreland told Nextgov. “So, Booz Allen wanted to know how and when Chinese cyber threats might be shaped by this change to help our clients manage their changing risk profile.” The report highlights potential specific technology areas quantum may impact, like secure communications and computational power—as well as China’s advancements in those realms so far. In a recently released 32-page document from BAH, experts warn that China, specifically, has become a major player in quantum computing and will likely soon collect encrypted American data in hopes to eventually decrypt it when the advanced quantum systems go into operation. They added that though chances are small that the nation will be able to break current generation encryption with quantum computers before 2030, “encrypted data with intelligence longevity”—such as biometric markers, covert source identities, Social Security numbers, and weapons’ designs—could be increasingly stolen with aims to eventually be decrypted.
“China’s quantum experts and government assess that their country is generally behind the United States in many quantum areas, but aims to surpass it by the mid-2020s,” the officials note. “Based on its current trajectory, it is unlikely that China will surpass the U.S. and Europe as the leaders in fundamental research and development, but it could plausibly lead in developing and deploying early quantum-computing use cases.”
Experts offer three recommendations for strategic stakeholders and chief information security officers to consider. They suggest conducting threat modeling to assess changes to organizational risk, developing an organizational strategy for deploying post-quantum encryption, and educating personnel about quantum computing to help prevent strategic surprises.
“The government is absolutely key in pushing this change across the federal and commercial space,” Beach-Westmoreland said. “Successful mitigation of this issue will be of vital benefit to core U.S. economic and national security interests.”