By John Prisco
A pandemic opportunity for state-sponsored hackers
If anyone thought the global coronavirus pandemic would tamp down state-sponsored hacking and intellectual property theft — sadly, they are mistaken. For the third time in as many months, the FBI has re-issued a warning that state-sponsored hacking groups are on the offensive, this time with a particular focus on hospitals and their industrial control systems, like those that provide oxygen to patients, as well as the software supply chain in general.
Taking advantage of the current crisis isn’t entirely unexpected. For weeks, experts have raised alarm bells about increasing cyber attacks from China, possibly related to US-China tensions over COVID-19. Many of them follow a long pattern of high-stakes heists of U.S. intellectual property and national security secrets, which in recent years ranged from stealing Equifax’s data on half of all Americans to the U.S. Government’s files on almost all federal employees.
A longstanding pattern
China is relentlessly amassing an enormous data bank of sensitive information on all Americans, government officials and private citizens alike. Not only are there serious national security implications, as officials believe the stolen data could be used to target American intelligence officials, but the data has economic value, according to Attorney General William Barr. Cybercrime costs the U.S. economy $100 billion, and in a survey last year one in five companies said they had had their intellectual property stolen by China within the prior year.
The fact that China has stockpiled so much critical information is alarming — but whether all that data ultimately can be used against us is another question. They may have hijacked a massive treasure trove, but much of that data is likely encrypted, nothing more than endless strings of random letters and numbers.
The quantum threat
However, the looming arrival of quantum computers — which bring the potential to easily break the strongest encryption available today — is a gamechanger. Suddenly, the stockpiles of highly sensitive government and corporate data that have already been stolen by the Chinese become readable, clear as day.
Almost three-quarters of cybersecurity professionals expect quantum computing to crack today’s encryption within the next five years, and the race is on to develop a capable device. That day is getting closer: Google recently announced it had built a quantum computer that could shave 10,000 years off the computational time of the fastest classical computers, and Amazon soon followed with an announcement of its own.
But U.S. companies are not working on this alone. These companies and a handful of others may be in fierce domestic competition, but in reality they represent the U.S. effort against China — which is investing far more in this race.
Investing in defense-in-depth
China’s investment matches its decision to highlight quantum computing as an area of strategic importance in the country’s 13th five-year plan. It has filed twice as many quantum-related patents as its U.S. counterparts while building a $10 billion quantum research lab scheduled to open next year. It is also ahead in its efforts to defend its secrets, and has already built a 1,263-mile quantum-proof encryption network between Beijing and Shanghai, utilizing technology called Quantum Key Distribution (QKD), which allows sensitive data to travel impervious to quantum-based attacks.
On offense and defense, the U.S. is falling behind. And like the space race, we really can’t afford to come in second place.
Our weaker position is in part due to a muddled policy response to the quantum threat. To date, most of our government’s security efforts have focused on creating stronger, quantum-resistant mathematical algorithms, or post-quantum cryptography (PQC). In the United States, the National Institute of Standards and Technology (NIST) is coordinating the quantum defense efforts on behalf of the National Security Agency and is updating the encryption standards we’ve used over the past 50 years with PQC. The agency is betting that PQC won’t eventually be cracked by quantum computers, but we know that QKD never will because it depends on photon-based keys and the laws of quantum physics instead of complex (but still breakable) mathematical algorithms. That’s why it is surprising that QKD development has been absent from the government’s plans.
This historic focus on a single form of security undermines a “defense-in-depth” strategy employing both PQC and QKD — a plan favored by the European Union and even major telecommunications companies in Asia.
We have ample opportunity to turn the tide. Congress should increase the funding allocated for quantum research under the Quantum Initiative Act. The Trump Administration just proposed a budget that includes $472 million for quantum computing research between the National Science Foundation and the Department of Energy, a major increase over last year but nowhere near competitive with China’s investment. We need these agencies, alongside NIST, to support QKD development and commercialization alongside PQC. In rolling out the budget, Under Secretary for Science at the Department of Energy Paul Dabbar acknowledged the EU and China’s investment and research in this field, saying that “If we don’t, others will do it.”
The Under Secretary is right. Information is our most critical resource — and if we are to remain a world economic leader, we can’t sit back while China acquires the keys to the kingdom.
About the Author
John Prisco, CEO and President, Quantum Xchange
Throughout his 30-year career, John Prisco has demonstrated success driving revenue growth, implementing operational excellence, and bringing companies such as Triumfant, GeoVantage and Ridgeway Systems to successful exits. His depth of experience in telecommunications, cybersecurity and quantum physics is ideally suited to lead Quantum Xchange and its customers, partners, investors, and employees through the emerging era of quantum computing and the future of encryption.