NATO and White House recognize post-quantum threats and prepare for Y2Q
(VentureBeat) While quantum computing technology is still in its infancy, the potential threat of PKC decryption remains. Last week, the NATO Cyber Security Center (NCSC) announced that it had tested a post-quantum VPN provider by U.K.-based quantum computing provider Post-Quantum, to secure its communication flows.
Post-Quantum’s VPN uses quantum cryptography that it claims is complex enough to prevent a malicious quantum computer from decrypting transmissions.
NATO isn’t alone in taking post-quantum cyber attacks seriously. The U.S. National Institute of Standards and Technology (NIST) recently announced that it was developing a standard to migrate to post-quantum cryptography to begin replacing hardware, software, and services that rely on public-key algorithms.
At the same time, the White House is also concerned over the threat raised by post-quantum computing, recently releasing a National Security Memorandum which gave the National Security Agency (NSA) 30 days to update the Commercial National Security Algorithm Suite (CNSA Suite) and to add quantum-resistant cryptography.
Post-Quantum’s CEO Andersen Cheng believes that as quantum technology develops we will reach a Y2Q scenario, where all these security measures are obsolete in the face of the computational power of weaponized quantum computers.
“People frequently talk about commercial quantum computers when referencing this Y2Q moment, and that’s a long way off — potentially 10-15 years away. But from a cybersecurity perspective, we’re not talking about slick commercial machines; a huge, poorly functioning prototype in the basement is all that’s needed to break today’s encryption,” Cheng said.
However, it’s not just data that exposed post-Y2Q that’s at risk; potentially any data encrypted data that’s been harvested in the past could then be unencrypted as part of a retrospective attack.
“Quantum decryption can be applied retrospectively, in that the groundwork for a ‘harvest now, decrypt later’ attack could be laid today. This means that, if a rogue nation-state or bad actor intercepted data today, they could decrypt this harvested data once quantum computers’ capabilities exceed those of classical computers,” he said.
While quantum computing could pose a substantial threat to enterprises down the line, there are a wide range of solution providers emerging who are developing state-of-the-art post-quantum cryptographic solutions to mitigate this.
The wave of providers developing state of the art cryptographic algorithms means there are plenty of solutions for enterprises to deploy to mitigate the risk of quantum computing, now and in the future, to ensure that their private data stays protected