Federal officials are bracing for a quantum computer cyberattack and asking private businesses to help prevent widespread devastation.
National security officials fear a super code-breaking cryptanalytically relevant quantum computer, or CRQC, will crack the encryptions of modern systems, exposing state secrets, financial transactions and other sensitive information. Researchers warn darkly of “Q-Day,” when a combination of quantum-classical computing power and artificial intelligence technologies threaten to undermine data security encryption methods.
The U.S. intelligence community is asking private businesses to help defend against such a powerful machine, and the Commerce Department is working to get new encryption tools into the hands of defenders. At the Department of Homeland Security, officials are developing guidance to address quantum technology risk.
Kathryn Knerler, the U.S. intelligence community’s chief information security officer, told a gathering of cybersecurity experts and hackers in Las Vegas this month that the quantum computing age is approaching. She said quantum computing will be a “very large game-changer” and people must secure artificial intelligence systems before the world takes the quantum leap.
“We have, in my estimation, about five or six years to look at how we secure artificial intelligence,” Ms. Knerler said at the Black Hat USA 2024 conference. “So my challenge to all of you is please help us to secure artificial intelligence and come up with the guardrails.”
Forecasts for the emergence of a CRQC vary, but the U.S. government is scrambling to contain the fallout of an adversary winning the race to obtain such a powerful machine.
Also this month, the National Institute of Standards and Technology revealed encryption tools “designed to withstand the attack of a quantum computer.”
The laboratory, housed inside the Commerce Department, said it finalized encryption algorithms “built for the future.”
Mathematician Dustin Moody urged people to use the three new standards while the government bolsters its defenses against a quantum attack.
“We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe,” Mr. Moody said in a statement. “But for most applications, these new standards are the main event.”
Officials at the Black Hat conference said the Department of Homeland Security is working under the assumption that a CRQC will emerge by 2030.
Homeland Security policy adviser Florence Lewine said her team does not know when the CRQC will emerge, but the “threat to the asymmetric encryption models already exists today.”
“We don’t want you to start thinking about this concern when you open the newspapers and hear that one of our adversaries has a CRQC,” Ms. Lewine told the cybersecurity pros and hackers. “We want you to start thinking about how you can prepare for this right now.”
Ms. Lewine said Homeland Security is developing guidelines for emerging quantum technology, particularly involving quantum sensing, quantum communication and quantum-enabled artificial intelligence.
Government officials’ frantic efforts to secure systems are driven by global competition to gain a quantum edge. Noah Ringler, the department’s AI adviser, said researchers worldwide make breakthroughs in quantum supercomputers’ processing power every six to eight months.
“With that, the general trend towards more computational efficiency, even though we are very, very far from optimized systems because we see the potential for intersection of these breakthroughs, we have to prepare for the potential risk landscape,” Mr. Ringler said at the Black Hat conference.
Asked whether Ms. Lewine and Mr. Ringler expect the CRQC to emerge abroad, they told The Washington Times they were not operating under that assumption.
The National Security Agency is concerned that a foreign adversary may develop a CRQC first, but NSA research director Gil Herrera said in March that no country has a quantum computer that he would consider useful — so far.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.