Hackers are stealing data now so that quantum computers can crack it for a decade
“The threat of an enemy nation-state getting a huge quantum computer and accessing your information is real,” said Dustin Moody, a mathematician at the National Institute of Standards and Technology (NIST). “The threat is that they will copy your encrypted data and keep it until they have a quantum computer.”
Faced with this “harvest now and decrypt later” strategy, officials are working to develop and deploy new encryption algorithms to protect secrets against an emerging class of powerful machines. That includes the Department of Homeland Security, which says it is leading a long and difficult transition to so-called post-quantum cryptography.
“We don’t want to get into a situation where we wake up one morning and there’s a technological breakthrough, and then we have to do the job for three or four years in a few months — with all that extra. risks associated with that, ”said Tim Maurer, who advises the secretary of homeland security on cybersecurity and evolving technology.
DHS recently released a road map for the transition, starting with a call to catalog the most sensitive data, within government and in the business world. Maurer said it’s an important first step “to see what sectors are already doing, and where they need help or knowledge to make sure they work now.”
Prepare in advance
Experts say it could be another decade or more before quantum computers can do anything useful, but with money being poured into the field in China and the US, the race is on. make this happen — and design better protections against quantum. attacks.
The US, through NIST, holds a contest since 2016 aiming to create the first quantum-computer-proof algorithm by 2024, according to Moody’s, leading NIST’s project on post-quantum cryptography.
Moving to the new cryptography is a notoriously difficult and lengthy task, and one that can be easily ignored until it is too late. It can be hard to get for -profit organizations to spend on an abstract future threat years before that threat becomes real.
“If organizations don’t think about the transition now,” says Maurer, “and then they are overwhelmed by the time the NIST process is complete and the sense of urgency is already there, it increases the risk of accidental incidents… The moving is never a good idea. ”