Enable breadcrumbs token at /includes/pageheader.html.twig

Prepare National Security Systems Now for Quantum Threats

Necessary NIST encryption standards are imminent.

With the National Institute of Standards and Technology expected next year to select quantum-resistant algorithms for encryption and for digital signatures, an NSA official warns that departments and agencies should begin preparing now to protect national security systems in the quantum era. Credit: sakkmesterke/Shutterstock

The national security community needs to prepare now for the possibility that U.S. adversaries could develop and deploy quantum computers, which would render useless most conventional encryption algorithms, says Adrian Stanger, senior cryptographic authority, Cybersecurity Directorate, National Security Agency (NSA).

If Russia or China, for example, develops quantum computerst, conventional computing algorithms protecting U.S. national security systems (NSS) would be vulnerable. NSS are communications systems owned and operated primarily by the intelligence agencies and the Defense Department. Any country gaining quantum dominance also could endanger other critical infrastructure systems, such as those used for banking and finance, transportation, healthcare and electric power grids.

While quantum computers are still in the early stages, they are expected to pack enough computing punch to crush conventional encryption algorithms. “With an advanced quantum computer, adversaries could potentially thwart the cryptographic protection mechanisms and leave little or no trace even. This would threaten what we technically refer to as the confidentiality, the authentication and integrity of data and systems. That’s what a quantum computer could do,” Stanger states.

Classical computers have many strengths but find some problems intractable—such as quickly factoring large numbers, explains an online article published by the National Institute of Standards and Technologies (NIST). “Current cryptographic systems exploit this difficulty to protect the details of online bank transactions and other sensitive information. Quantum computers could solve many of these previously intractable problems easily, and while the technology remains in its infancy, it will be able to defeat many current cryptosystems as it matures,” the NIST article explains.

NIST has been working for more than three years to develop standards for post-quantum encryption algorithms capable of protecting critical U.S. systems from quantum computers, which some experts predict could become available within two decades. NIST is in the third and final stage of selecting the algorithms that will ultimately become the standard, and next year the institute should select a handful of solutions from the current crop of 15. A spokesman from NIST indicates that one or two will be used for the encryption standard, others for digital signatures.

But there is a lot that national security organizations can do now to prepare to implement those solutions once they become available, Stanger says. “National security systems operators must protect against the quantum threat to decrease the chance of espionage or even cyber warfare. They may have to rebuild systems from scratch or operate at great risk if they do not protect against quantum threats,” he warns.

He suggests national security system owners and operators consider four potential challenges to adopting post-encryption algorithms. “I would lump [the challenges] into four bins. There is a timing consideration. There is some coordination, and then there’s always resources and planning. Anytime you kind of change things, those are always going to be in play.”

Regarding timing, Stanger suggests moving too quickly could be as problematic as moving too slowly. “It’s important that we get the timing right. If people delay transitioning to a post-quantum environment, then their systems and data are vulnerable to the quantum computing threat,” he notes. “However, what sometimes people don’t consider is that if you move too fast, then you may have unapproved algorithms, nonvalidated implementations or nonstandard protocols, and each of those has a risk that may make the system potentially more vulnerable or may increase the risk to interoperability with partners.”

With that in mind, the NSA has tried to provide departments and agencies “plenty of lead time to accomplish all that’s required.” The agency began providing guidance in 2015. “I guess my key takeaway here on the timing aspect is to make sure to follow NSA and NIST guidance and to start planning and preparing now to be ready when that time is appropriate.”

Around the same time that NIST selects its final post-quantum algorithms, the NSA will announce quantum-resistant algorithms to replace the Commercial National Security Algorithm Suite. The suite includes 256-bit encryption and is currently used to protect national security systems up to the top-secret level.

At that time, the agency also will suggest timelines for implementing the algorithms. “There will be some lag between having algorithms standardized and protocols and implementations and having that go through certification processes, but yes, we would like people to be ready to make that transition as soon as feasible after those things are in place,” Stanger indicates.

He also suggests NSS managers coordinate with the government to implement the standards. “Make sure to follow NSA and NIST guidance as appropriate. Keep following those because we’re going to have more information coming out the further along we get.”

Planning includes assessing network needs and potential weaknesses. “Understand your dependencies, assess your systems and make plans for how to address any of the issue spots. Look at systems and data, determine all those dependencies upon classical public key crypto and make plans for each of those,” Stanger recommends. Look at the impact that inclusion of post-quantum algorithms and protocols will have in your systems, in your networks. Because they are larger, they can have impacts on some of the protocols.” Those impacts, he clarifies, would mostly be slowing down communications systems.

Planning also includes budgets and personnel. “Right now, we’re talking about procuring the needed budgets, and maybe in some cases, even personnel to work on the transition effort,” Stanger offers.

To the technologically challenged, it may seem impractical to develop and use post-quantum algorithms before quantum computers are even available, but Stanger says the underlying mathematical model has been around for a while. “The algorithms that a quantum computer can perform are based on a well-understood mathematical model, and it’s one that’s been tested experimentally in physics—many physics experiments—for nearly a century now,” he explains.

Recent developments in the commercial sector reinforce the model. “We’re also seeing this verified a little bit with some of these commercial developments, some of these announced commercial quantum computers—very small ones—and they’re showing the progress, and they use the same physical and mathematical basis for computations,” he adds.

Cryptanalysts, however, continue to research and develop new attack methods against both classical and quantum algorithms. “Cryptanalysts throughout the community always continue to analyze algorithms and develop new attacks on the cryptographic algorithms. As this happens, we gain more and more confidence about the algorithms that get lots of attempted analysis but resist all those attacks,” Stanger explains. “Whether it’s a quantum algorithm attack or a classical attack, the process itself is similar, even though it is true that we have more experience with classical algorithms than quantum algorithms.”

Quantum computers will threaten much more than national security systems or other government systems. The critical infrastructure computers and networks, which are largely owned by the private sector, also will be at risk. That includes the healthcare industry, banking and finance, transportation, energy and food and agriculture sectors, among others.

“The threat of a sufficiently large quantum computer would be that any of those could be compromised. Even though this isn’t in NSA’s remit to focus on providing the mitigations for … if they didn’t have mitigations in place—post-quantum algorithms or some other mitigation—then they could be susceptible to having their information technology systems compromised,” Stanger notes. “You have the same type of threat where it could be devastating to any of those systems.”