NotPetya, WannaCry, MimiKatz, BlackEnergy, OlympicDestroyer and KillDisk. Some readers may recognize these and some may not. They are some of the most infamous and successful cybersecurity malware programs ever created and have caused tens of billions in damage. And, according to the experts, these malicious programs were developed and deployed by Nation State-sponsored groups with the intent of disrupting or destroying valuable computer systems that control energy grids, enterprise, military, healthcare and government systems. The worst part of this malware is not just the fact that it can steal assets, but these programs are capable of taking over control systems which means they can now control physical environments not just digital. Now, lives are at risk.
Let's add another dimension. Quantum computing. Google CEO Sundar Pichai speaking at the World Economic Forum in Davos in Switzerland this past week warned that quantum computers will be able to break encryption within as little as five years. You may recall that Google announced quantum supremacy in September 2018 although the claim was challenged by IBM. Nonetheless, quantum computers have the capability to scale well beyond any computer power we have ever seen.
According to the Herjavec Group, in their 2019 annual cybercrime report, cyber criminals have access to a $6 trillion economy, and cybersecurity defenses have about $200 billion to fight it. This means that we are outgunned by 30 times.
As quantum computers come online, we expect hackers and state-sponsored groups to gain access to these computers which will tear through standard encryption. In some senses, it may already be too late. Digital assets are being stolen (Steal Now, Decrypt Later or ‘SNDL’) every day, and even if assets are currently encrypted, hackers will work to break that encryption. As quantum computers light up over the next few years, the data in those stolen databases could still be valuable. So it is important as a government agency or commercial enterprise that you begin to quickly think about building quantum resilience into your upcoming systems and processes. The good news is that quantum resilient systems will also provide greater security against classical computing hacks, and it's a win-win to be cyber forward-compliant.
Additionally, it’s important to think about securing communications. China has touted that they have secured communications between a satellite and the earth using quantum key distribution (QKD) and entanglement, a subatomic property which is impossible to breach if implemented correctly. QKD solutions are available today, and it’s worthwhile to start exploring how QKD can make sure your communications are quantum-proof moving forward.
The time to work on quantum resilience is now. Eventually the only thing that will stop a quantum computer is another quantum computer. Since communications are traveling at the speed of light across wireless and fiber now, all of it will be available if somebody can hack our communication lines in a few years and look back to see what we were transmitting.