888-384-7144 info@insidequantumtechnology.com

Quantum Particulars Guest Column: “Implications of a Quantum Attack and an Approach for Recovery”

In a new guest article, QuSecure Senior Software Engineer Joseph Pirone discusses the implications of a quantum attack on data security.
By Guest Author posted 04 Apr 2024

“Quantum Particulars” is an editorial guest column featuring exclusive insights and interviews with quantum researchers, developers, and experts looking at key challenges and processes in this field. This article, focusing on quantum attacks and data security, was written by QuSecure Senior Software Engineer Joseph Pirone. 

As quantum computing continues to capture the imagination of researchers and the wider public, scientific advancements, technological breakthroughs, and cyberthreats are inevitable. As the computing world evolves, so must the security that protects sensitive data and intellectual property. The consequences of a breach with a powerful quantum computer are far reaching. Such a development could threaten national security, economic stability, and vital infrastructure.

The good news is that leaders in the post-quantum cryptography (PQC) space offer available solutions to protect against the quantum threat. But what if our governments, power companies, and banks ignore the warnings of a quantum attack and refuse or are late updating their cybersecurity protocols?

Quantum Computing’s Potential Threats

Quantum supremacy is a term to define when a quantum computer can outperform a classical computer on a given computational problem. Additionally, it is known that a quantum computer with over 4000 qubits has the potential to break RSA encryption (the encryption that protects the Internet). A quantum computer could launch devastating cyberattacks on various U.S. infrastructure elements. Sectors like energy, finance, healthcare, transportation, and communication would be at significant risk of exploitation and disruption.

Since a quantum computer will eventually break traditional encryption methods, rendering many existing cybersecurity measures obsolete, to grasp the impact of not having proper safeguards against this new threat, it is important to understand what a quantum attack could do.

For example, quantum-enabled cyberattacks on the U.S. energy grid could potentially cripple power generation, transmission, and distribution systems. Widespread blackouts could create chaos, disrupt supply chains, and paralyze industries that heavily rely on electricity. Lives would be lost starting with people in hospitals and nursing facilities. Trickle-down implications of a quantum attack on the U.S. infrastructure would impact the nation’s economy.

With power outages affecting industries, manufacturing, and commerce, economic losses could run into billions of dollars, impacting both businesses and consumers. The stock market could suffer a significant downturn, leading to widespread investor panic and financial instability.

Other vulnerable targets include telecommunication systems, internet networks and communication satellites. A successful quantum attack could disrupt communication channels, isolate communities, and hinder vital communication during emergencies. This loss of connectivity would impede emergency response efforts, exacerbating the crisis caused by the cyberattack.

In addition, the healthcare sector, reliant on digital technology and sensitive patient data, would face dire consequences. Hackers could gain access to medical records, disrupt hospital operations, and potentially jeopardize patient safety. Furthermore, they could tamper with critical medical research on data and drug development processes, affecting public health in the long run.

After a cyber-attack of any type, including quantum, recovery and remediation are immediate priorities for any cybersecurity team. The lasting damages will be directly related to how efficiently the cybersecurity teams can implement a path forward following an attack. At the highest level, there are two phases that must occur after an attack – recovery and remediation.

Recovering from a Quantum Attack

Recovering a quantum attack is a critical step-by-step process that is unique for each system but roughly follows a similar outline. The first step is recognizing the system has been compromised and isolate the infected components. Next, a response team should analyze the ecosystem to better understand what was exposed and begin assessing the impact of the attack. This process is also crucial for mitigating similar future attacks as well as providing a comprehensive definition of the vulnerability. Typically, the step that follows is to patch and update the software and operating system running on the affected machines. Lastly, there should be procedures to change credentials, monitor, and educate the right personnel on the breach and its impacts.

Turning to remediation, after a worst-case attack, cybersecurity personnel will have to act quickly and efficiently to restore their systems. They must pick a remediation method that will allow for fast implementation that is easily scalable and can be backwards compatible with older systems. Additionally, the remediation solution of choice must be sophisticated and cutting-edge to properly combat the quantum threat. Such a complicated list of requirements can only be met by software-based PQC solutions.

It is important to understand why a solution that relies heavily on hardware will most likely be a poor solution for recovering and remediating quantum attacked systems. The amount of critical infrastructure that needs to be patched is extensive. With a hardware solution, every piece of existing hardware on every crucial server would have to be manually updated.

Using a more specific example, all critical U.S. government and military satellites would need new hardware. The only way to complete this update would be to either take every satellite out of orbit or send a team of astronauts to every satellite in space. The hardware approach to updating is outdated, requires laborious effort, and would take too long.

On the other hand, a software solution will not have these issues and provides a multitude of benefits – starting with scalability. Software is capable of getting to all parts of an ecosystem. This means there can be PQC safe communication with a satellite while still remaining in orbit with its legacy hardware. Additionally, a software solution can update hundreds or even thousands of nodes at a time depending on the system architecture – all with the push of a button.

Furthermore, a properly engineered software security solution will be compatible with legacy protocols like Transport Layer Security (TLS) to protect legacy and military grade systems. Finally, advanced software-based PQC solutions using cryptographic agility – the ability to dynamically change to more secure PQC algorithms on the fly – will provide an enterprise or government organization a greater ability to protect against potential future attacks.

As quantum computing technologies advance, the potential for cyberattacks on critical infrastructure becomes a pressing concern. The threat of a powerful quantum computer hacking into U.S. infrastructure raises alarming possibilities. To protect national security, the economy, and the wellbeing of American citizens, it is essential for governments, businesses, and individuals to collaborate in developing quantum-safe solutions and bolstering cybersecurity measures. By acknowledging the quantum threat and acting proactively, we can work towards a safer and more resilient digital future.

Joseph Pirone is a Senior Software Engineer for QuSecure, a quantum company focused on data security. 

Categories: cybersecurity, Guest article, quantum computing, software

Tags: cybersecurity, Joseph Pirone, quantum attack, QuSecure

Subscribe to Our Email Newsletter

Stay up-to-date on all the latest news from the Quantum Technology industry and receive information and offers from third party vendors.

Ethan Krimins, Leader of the Quantum Research Sciences (QRS) is an October 2024 IQT Quantum + AI conference speakerIQT News — Quantum News Briefs