Enable breadcrumbs token at /includes/pageheader.html.twig

DISA Exploring Quantum-Resistant Cryptography

Adversaries may have quantum computers within seven years.

Because U.S. adversaries likely will be able to use quantum computers within the next several years, Defense Information Systems Agency (DISA) officials are beginning to explore quantum-resistant technologies and the role the agency might play in developing or deploying those technologies.

Based in part on advances being made in the United States, Steve Wallace, systems innovation scientist for the Emerging Technologies Directorate within the agency, predicted quantum computers could threaten U.S. encryption algorithms soon. “As quantum computers become more prevalentand we think that within the next few years we’re on the cusp of quantum computing becoming a real thingit creates risk then for our current algorithms and those types of things,” Wallace said during a forecast to industry as part of the AFCEA TechNet Cyber virtual conference held December 1-3. “So, we want to look at quantum-resistant cryptography.”

During a roundtable discussion with journalists at the end of the conference, Wallace suggested that adversaries likely will own quantum computers sooner rather than later. “In terms of a timeline, it is something we would like to move fairly quickly on. The rationale there is the general belief that quantum computing is going to become more of a reality within the next five to seven years, and it’s probably closer to five at this point than seven,” he said. “That means we have to ... realize the fact that we have to have crypto algorithms in place prior to that to allow us to continue in a safe position. That’s why there is a building sense of urgency to go and get to that point.”

Even more challenging, he indicated, U.S. officials likely will not know when other countries have quantum computing capabilities. “Frankly, our adversaries likely won’t advertise the fact that they’ve achieved a quantum computer.”

Wallace outlined four phases that technology can go through at DISA: monitoring, planning, prototyping and deploying. “Right now, the agency is simply in the monitoring stage of learning more about quantum-resistant technologies. We’re really trying to understand the space and how it applies to DISA’s mission,” he said. “We aren’t doing anything in the quantum-resistant area right now. This is an area that we are looking to get into.”

The National Institute of Standards and Technology (NIST) is in the process of selecting quantum encryption algorithms, which once approved, presumably will be adopted across government. The National Security Agency (NSA) also plays a role in developing, testing and certifying encryption technologies. “NIST is already doing some work in this area, as are other government agencies, and we’re looking to partner with them and see how we can move some of that forward,” Wallace said. “We have been working with NSA, NIST and other government organizations to better understand how quantum is going to play into the future of where we go with algorithms.” 

DISA already has a role in deploying current encryption technology in such items as the Common Access Card (CAC), which will need to be protected from quantum computers. “DISA has a pretty large hand in what we do in cryptography in the Department of Defense today around the issuance of the CAC cards to a number of other things behind the scenes with respect to certificates and that type of thing,” Wallace said. 

Wallace could not say for certain yet what role DISA will play with quantum-encryption algorithms. “We are not, right now, looking to stand up quantum computers, but we are looking to understand how quantum computers may impact our ability to defend our networks going forward.”

Asked whether the agency might be awarding contracts for quantum-related technologies in the future, he left the possibility open. “Quite possibly so. We’re still fairly early on ... but there is that possibility going forward.”

DISA has explored quantum encryption before, he noted. “We had done some looking at it in the past, frankly, but we have no activities on it right now, so we’re looking to get back to that, dust off what we had done previously, freshen it up, and look at what we can do.”

Enjoying The Cyber Edge?