Quantum Computing: The Growing Threat Of SNDL

Advances in  the combined power of computing and Artificial Intelligence are on the verge of transforming many aspect of work and life. As these technologies become more widely distributed it is becoming very important to understand the potential security risks. Specifically, quantum computing promises extraordinary performance gains that could have a profound impact on global economies, security and welfare. 

Quantum computing has the potential transform industries like financial services, aerospace, and pharmaceuticals and has attracted  significant private & public sector investment. But the power of quantum computing can be leveraged for bad purposes and even with the best intentions, these downside risks need to be considered.

Microsoft has already told organisations to begin preparing for potential cyber attacks based on quantum technology and cyber criminals are already gathering encrypted data so they can attack it as soon as the right tools are available. CISOs must start planning for the future today.

Currently, sophisticated threat actors  are carrying out Store Now Decrypt Later (SNDL) attacks against the US and other governments, and they are storing sensitive encrypted data which is critical to national security. 

Often the purpose of stealing this sensitive data is to decrypt it using quantum computers. Previously, the public-key encryption algorithms that have protected stored data, communications, financial transactions, networks, government secrets, intellectual property and other assets for nearly 50 years, will become obsolete, and the sensitive information that they protected will be revealed by quantum computing. 

Any encrypted data that has already been stolen can no longer be protected and this danger is immediate.

Quantum computing applies the principles of quantum physics to information technology. While classical computing is based on binary bits, quantum computing uses quantum bits, or “qubits”. Like a bit, a qubit can hold a value of 0 or 1, but it can also have a superposition state, being in both states simultaneously. Another important quality is entanglement, which means that one or more qubits can be linked together so that changes to one qubit affect the other, even if those two qubits are light years apart from one another.

The benefits that could come with the power of quantum computing are frequently discussed, but the cyber security of this new computing is also high level security problem facing governments. 

It’s imperative that government regulatory agencies start migrating vulnerable cyber security protocols to post-quantum cryptography (PQC) as PQC will protect this sensitive government and critical industry data from these new types of cyber attacks.

The US government has already taken some positive steps against this national security threat. In May 2022 President Biden issued an executive order, along with two national security memorandums directing the US to accelerate its quantum computing cyber security. Subsequently the US House of Representatives passed the Quantum Computing Cybersecurity Preparedness Act and this bill now awaits Senate review. Industry is standing by to support the US government upon Senate approval and US Government implementation.

While it is a much-needed step in the right direction, the proposed legislation does not adequately take account of the present threat posed by SNDL attacks on vital government, military and infrastructure systems that rely on current public key cryptography. 

Much of the encrypted data will continue to be sensitive for decades. Once this data is exfiltrated, there is nothing that can be done to prevent it from eventually being exploited by adversaries. Post-quantum cryptography (PQC) protocols can protect against SNDL attacks, but the migration process to PQC is unlikely to be quick

Quantum computing is still developing and it is uncertain the extent of the transformation or how quickly quantum computers will spread throughout the business world and the criminal world. But while quantum computing is certain to have a profound impact on existing cryptography, it is already delivering innovation in cyber security that will help mitigate increasingly sophisticated threats.  

Microsoft:      Whitehouse:    Whitehouse:     US Congress:   Cyberscoop:      Forbes:       

Springer/Link:      Mimecast:      Cybermagazine:      Image: Alex Shuper

You Might Also Read:

Quantum Computing  - Its Background & Future:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« FinOps In Cybersecurity: Managing The Cost Of Security
The Importance Of Cloud Access Security In Today's Cyber Landscape »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

Managed IT Services

Managed IT Services

Managed IT Services is a managed IT Services Company offering a diverse range of Cyber Security services and IT solutions.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

NexusTek

NexusTek

NexusTek is a managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.