SIGNAL Executive Video: Quantum Resistant Encryption Critical for Federal Agencies
Quantum computers and algorithms threaten the common cryptographic keys that protect information, and measures to safeguard data are an immediate need. Sensitive information is currently at risk of being harvested and stored for later decryption, while quantum-resistant algorithms could potentially be placed in networks as a channel to exploit data in the future.
Jim Smid, chief technology officer at Palo Alto Networks, said while quantum computers “aren’t necessarily new,” they are rapidly advancing to decrypt security mechanisms that rely on cryptography. Cybersecurity experts are working on stronger, quantum-resistant encryption, because the more powerful technology will be able to break keys in seconds that would take traditional computers millennia. Smid explained how companies are designing defenses against the technology in a recent Executive Video with SIGNAL Media.
The National Institute of Standards and Technology (NIST) is expected to release standards for post-quantum cryptography (PQC), or encryption that will remain secure against quantum computers and algorithms, sometime in 2024. When NIST releases those standards, federal agencies must move quickly and find partners to help meet them.
Palo Alto Networks is working to keep pace with developing standards, including the standard document RFC 8784, which will change pre-shared keys to better protect encrypted data. Pre-shared keys are often shared within exchange traffic and are made of prime numbers, factors that expose vulnerabilities to quantum attacks. Speaking technically, keys sent in band can be harvested, and quantum computers can more quickly decrypt when they search only through prime numbers. RFC 8784 standards keep keys out of band to prevent harvesting, and no longer base them on prime numbers.
“That’s really the first step, but it’s one of many,” Smid said during the interview. “This will be an iterative process in terms of what NIST will put in place to make sure that we are resistant to quantum.”
Current cyber tools are unable to see data that has been encrypted by a PQC, making networks vulnerable. Hackers can move data invisibly through PQC-encrypted access points unless networks are prepared with new tools to detect them.
Palo Alto Networks has a firewall that combines with an operating system (OS) to fight different kinds of attacks while looking toward the future by focusing on feature functionality. Services such as URL and DNS, advanced threat protection, and Internet of Things and operational technology support are all offered as part of its platform—where they previously would have been standalone tools that struggled to integrate and share information.
Currently deployed solutions are limited as companies develop add-on products that move traffic in and out. Combined platforms instead work to bring functionality directly into existing products that won’t rely on a proprietary PQC that can be exploited.
“A lot of the standalone products that can’t be integrated out of the box … will go the way the pager did with your cellphone right there,” Smid said.
Federal agencies soon must lay out plans to protect information with post-quantum standards, and need to figure out how to prioritize what to address. They will need to find trusted partners and assign resources for addressing PQC standards, then work on making an inventory and priority list, and evaluate and test solutions for protection.
Quantum development will continue to progress on two fronts, as entities race to be the first to get their hands on the technology as a tool while working to protect their own data from attack. Smid said the technology has the potential to become a significant strategic advantage for whoever produces it, which is driving development of a defense against it.
Defenses against quantum technology need to be built with adaptability in mind. As quantum computers and algorithms get faster and more advanced, increasingly resistant encryption will be needed.
“Standards are not only evolving, but we’ve seen some of the proposed standards break,” Smid said. “It’s not out of the question for standards in the future to be cracked or to be broken either.”
Uncertainty about what needs to be in place to protect against an unfinished technology is why Palo Alto Networks is developing an OS and firewall to work together.
“You need the modularity,” Smid said.