What the “Store Now, Decrypt Later” Attacks Mean for National Security
By: Jonathan “Gouda” Selby, PhD, Senior Director, Federal Operations, QuSecure
In the era of quantum computing, data security is more important than ever. Quantum computers have the potential to break traditional cryptography, rendering our current data security measures obsolete. As adversaries begin to carry out “store now, decrypt later” attacks, securely storing sensitive encrypted data has become more critical than ever. This article will discuss the implications of SNDL attacks on national security and how we can protect ourselves against them.
The antiquated public-key encryption algorithms used for nearly half a century to protect our government secrets and intellectual property are no longer practical. Consequently, confidential information guarded by these systems is now vulnerable and at risk. The problem is happening as we speak.
If the United States wants to protect itself from quantum computing attacks, it must switch to post-quantum cryptography protocols. This is a pressing matter of national security, and the government has already begun to act on this issue. A White House executive order issued on Jan. 19, “Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems,” outlines several near-term security directives. In layman’s terms, the executive order suggests that government agencies stop using unsupported encryption and switch to a zero-trust architecture. This will make room for quantum-resilient cryptography and post-quantum communications. Why is this crucial? Because quantum computing poses a national security risk, data is being stolen to decrypt it as soon as these powerful quantum computers come online.
If you’re struggling to understand the implications of this memo, don’t worry – an earlier White House memo from May 2021 sheds some light on the matter. The executive order “Executive Order on Improving the Nation’s Cybersecurity” doesn’t mention quantum threats explicitly. Still, it does lay out various goals for high-level government agencies that hint at the potential dangers of quantum computing. So, while there’s nothing specifically about quantum computers in this most recent memo, it’s clear that those risks are very much on the radar of those in charge.
Washington must become the leading figure in quantum information sciences, starting with immediate action on post-quantum cryptography enterprise. We cannot afford to fall behind.