As Federal agencies are working to protect themselves from quantum-driven hacking, Federal experts on Thursday said that cybersecurity teams must be involved in the quantum computing conversation from the start – otherwise, the emerging technology will be a “disservice” to everyone.
Quantum computing has the ability to break many common forms of encryption, posing a significant threat to cybersecurity as we know it.
The White House’s Office of Management and Budget (OMB) issued a memo to Federal agencies in November 2022 instructing them to start preparing for this threat. The memo instructed Federal agencies to start identifying all the systems that may need to transition to post-quantum cryptography – which is secure for both quantum and classical computers.
“The Office of Management and Budget issued a memo for post-quantum, and it’s really fascinating because most of the time, and I love my friends at OMB, but they’re not very proactive, right? It’s normally a very reactive thing,” Amy Hamilton, the visiting faculty chair for the Energy Department at the National Defense University, said during ATARC’s Federal Quantum Summit on May 30.
“The fact that they said, ‘Hey, you need to look at post-quantum and you need to identify all of your devices before quantum is even out,’ that should signal to everyone the significance of this. I mean, this is pretty unprecedented that we’re doing something proactively,” Hamilton stressed.
In February of last year, the White House’s Office of the National Cyber Director released specific guidance for Federal agencies to submit to the administration prioritized inventories of cryptographic systems by May 2023.
While it’s unclear whether or not all agencies met this deadline, the White House said in December that agencies were working closely with the Cybersecurity and Infrastructure Security Agency (CISA) on this “difficult task.”
The fundamental part of this effort though, according to Hamilton, is “how do we protect the data.”
“What I will say is working with the scientists right now, as they’re developing the quantum technologies, the cyber teams need to be there from the beginning,” Hamilton said. “If you are working on quantum and you’re not including your cyber team, you’re doing everyone a disservice.”
“The really important thing is that we’re all at the table talking because all of these new technologies are going to enable and empower our lives in ways that we can’t imagine,” she said.
Michael Hayduk, the deputy director of the Air Force Research Lab’s Information Directorate, said he resonated with Hamilton’s sentiment of “building in cyber protection right from the start.”
“We have several programs in the Air Force where we’re actually looking at hardware/software root of trust, how we can bake that right in from the beginning. So, not just layering on things. I think with quantum, we definitely resonate as well to think about it early on,” Hayduk said. “How we protect our networks, it’s all about the data.”
Shery Thomas, the cyber technology officer at the Marine Corps Forces Cyberspace Command, added that incorporating cybersecurity into quantum needs to be “a whole of government approach.”
“Quantum computing, it’s got to change the entire paradigm of how we’re operating,” Thomas said. “In terms of things down the horizon, is quantum computing, but then to get ahead of it is the post-computing architecture that we need to be looking at it from a cybersecurity lens. Because if not, we’re going to have a plethora of problems.”
