As quantum computers continue to advance and become more powerful, they present a significant threat to the Department of Defense’s cybersecurity assurance.
When former Pentagon’s Chief Data Officer, David Spirk, left his post in March 2022, he did so with a warning: “I don’t think that there are enough senior leaders getting their heads around the [cybersecurity] implications of quantum… I think that’s a new wave of computers that, when it arrives, is going to be a pretty shocking moment to industry and government alike.”
Quantum computers have the ability to process information much faster than classical computers, making them capable of cracking the secure encryption algorithms relied on to protect information today. This could allow adversaries to access sensitive military intelligence, disrupt communication networks, and even disable military systems.
In late 2021, the head of the NSA’s Cybersecurity Directorate signaled that developing next-generation cryptologic systems to secure weapon systems from foreign adversaries was a top priority. In a fact sheet published that year, the NSA stated that “the impact of adversarial use of a quantum computer could be devastating to National Security Systems.”
The battle for quantum supremacy is already under way, and is set to fundamentally change the defense sector as the technology edges towards maturation.
The quantum threat is closer than you think
Many experts, including Spirk, believe that military applications for quantum computing could be less than 10 years away.
Case in point: according to the Pentagon’s annual report on Chinese military power, China recently designed and fabricated a quantum computer capable of outperforming a classical high-performance computer for a specific problem.
This is also why DARPA announced the ‘Underexplored Systems for Utility-Scale Quantum Computing’ (US2QC) program to explore potentially overlooked methods by which quantum computers could achieve practical levels of utilization much faster than current predictions suggest.
The White House recently signed the Quantum Computing Cybersecurity Preparedness Act into law, signaling that it regards quantum as a serious issue. The act addresses the migration of executive agencies’ IT systems to post-quantum cryptography (PQC) - encryption which is secure from attacks by quantum computers because of the advanced mathematics underpinning it.
As major powers like China, under its Digital Silk Road initiative, continue to accelerate investment into advanced technologies like AI and quantum computing, the US risks being left behind if it does not pay equal attention to the quantum opportunity - and to the quantum threat.
The need for action is all the more urgent because of the looming threat of ‘harvest now, decrypt later’ attacks, by which adversaries can gather sensitive data today to decrypt as soon as they have their hands on a sufficiently powerful quantum computer.
Time is running out for the DoD
The defense sector needs to take the threat of quantum computers seriously because they have the potential to greatly impact national security.
Encryption is a crucial tool for protecting sensitive military information, and if quantum computers are able to break current encryption algorithms, this could compromise the security of classified documents, strategic plans, and even communication networks. This could potentially give adversaries an advantage in military conflicts and put US military personnel at risk.
In addition to the potential impact on national security, the defense sector also has a responsibility to protect the personal information of military personnel and civilians. Quantum computers could potentially be used to steal sensitive personal information, such as social security numbers, as well as medical and financial information.
As DoD moves from network-centric operations to data-centric operations, PQC implementation becomes even more relevant, regardless of whether the data comes from the cloud or any other source. DoD’s Joint All Domain Command and Control (JADC2) and Joint Cloud Computing concepts, network modernization etc. will all require post-quantum cryptography for cybersecurity assurance.
Quantum computers also have the ability to perform complex calculations at a much faster rate than classical computers, which could allow them to disable or manipulate military systems. This could potentially disrupt communication networks, navigation systems, and even weapons systems, leading to potential loss of lives and damage to military assets.
In July last year, the National Institute of Standards and Technology announced a major milestone in its efforts to standardize post-quantum cryptography algorithms.
New draft standards are a welcome arrival and will hopefully dispel any hesitation about putting concrete transition roadmaps in place. But the bigger picture is that encryption standards are going through their biggest change in decades, and post-quantum cryptography will soon be essential for all businesses hoping to work with the US government. Up to $3 billion of federal quantum projects are now either in operation or planned, including a $1.2 billion National Quantum Initiative.
The advent of quantum technology converges with the race for global tech supremacy as well as a period of turbulent geopolitics. The longer the government and businesses wait to act, the greater the potential harm.
Freddie Hudson is director for the Federal and Defense Sectors at PQShield, a cybersecurity company specializing in post-quantum cryptography. He is a retired Army Lieutenant Colonel and experienced defense contractor specializing in cyber/IT and Integrated Air and Missile Defense.
Have an opinion?
This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.