Quantum Computing: The Growing Threat Of SNDL

Uploaded on 2024-01-31 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Advances in  the combined power of computing and Artificial Intelligence are on the verge of transforming many aspect of work and life. As these technologies become more widely distributed it is becoming very important to understand the potential security risks. Specifically, quantum computing promises extraordinary performance gains that could have a profound impact on global economies, security and welfare. 

Quantum computing has the potential transform industries like financial services, aerospace, and pharmaceuticals and has attracted  significant private & public sector investment. But the power of quantum computing can be leveraged for bad purposes and even with the best intentions, these downside risks need to be considered.

Microsoft has already told organisations to begin preparing for potential cyber attacks based on quantum technology and cyber criminals are already gathering encrypted data so they can attack it as soon as the right tools are available. CISOs must start planning for the future today.

Currently, sophisticated threat actors  are carrying out Store Now Decrypt Later (SNDL) attacks against the US and other governments, and they are storing sensitive encrypted data which is critical to national security. 

Often the purpose of stealing this sensitive data is to decrypt it using quantum computers. Previously, the public-key encryption algorithms that have protected stored data, communications, financial transactions, networks, government secrets, intellectual property and other assets for nearly 50 years, will become obsolete, and the sensitive information that they protected will be revealed by quantum computing. 

Any encrypted data that has already been stolen can no longer be protected and this danger is immediate.

Quantum computing applies the principles of quantum physics to information technology. While classical computing is based on binary bits, quantum computing uses quantum bits, or “qubits”. Like a bit, a qubit can hold a value of 0 or 1, but it can also have a superposition state, being in both states simultaneously. Another important quality is entanglement, which means that one or more qubits can be linked together so that changes to one qubit affect the other, even if those two qubits are light years apart from one another.

The benefits that could come with the power of quantum computing are frequently discussed, but the cyber security of this new computing is also high level security problem facing governments. 

It’s imperative that government regulatory agencies start migrating vulnerable cyber security protocols to post-quantum cryptography (PQC) as PQC will protect this sensitive government and critical industry data from these new types of cyber attacks.

The US government has already taken some positive steps against this national security threat. In May 2022 President Biden issued an executive order, along with two national security memorandums directing the US to accelerate its quantum computing cyber security. Subsequently the US House of Representatives passed the Quantum Computing Cybersecurity Preparedness Act and this bill now awaits Senate review. Industry is standing by to support the US government upon Senate approval and US Government implementation.

While it is a much-needed step in the right direction, the proposed legislation does not adequately take account of the present threat posed by SNDL attacks on vital government, military and infrastructure systems that rely on current public key cryptography. 

Much of the encrypted data will continue to be sensitive for decades. Once this data is exfiltrated, there is nothing that can be done to prevent it from eventually being exploited by adversaries. Post-quantum cryptography (PQC) protocols can protect against SNDL attacks, but the migration process to PQC is unlikely to be quick

Quantum computing is still developing and it is uncertain the extent of the transformation or how quickly quantum computers will spread throughout the business world and the criminal world. But while quantum computing is certain to have a profound impact on existing cryptography, it is already delivering innovation in cyber security that will help mitigate increasingly sophisticated threats.  

Microsoft:      Whitehouse:    Whitehouse:     US Congress:   Cyberscoop:      Forbes:       

Springer/Link:      Mimecast:      Cybermagazine:      Image: Alex Shuper

You Might Also Read:

Quantum Computing  - Its Background & Future:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« FinOps In Cybersecurity: Managing The Cost Of Security
The Importance Of Cloud Access Security In Today's Cyber Landscape »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

Eversheds Sutherland

Eversheds Sutherland

Eversheds Sutherland is a global multinational law practice offering a full range of commercial and IT law services including Privacy, Data Protection and Cyersecurity.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.