Critical Update: How Federal Agencies Can Help Avert Quantum Catastrophe
The White House is working on plans to roll out new cryptographic systems that will require epic levels of funding from Congress and coordination, both within the government and in partnership with industry.
Bell bottoms, vinyl records, not an iPhone in sight. The prospect of a computer that can operate at speeds fast enough to decode the complicated mathematical riddles guarding our communications holds the potential to send society back to a time before sensitive data went zipping nonchalantly across digital networks.
“Public key encryption itself was only invented in the ‘70s,” said Edward Parker, a physicist at the Rand Corporation whose specialty is in the emerging quantum technologies that could yield such a machine. “In one sense, you know, saying we might be forced to go back to the ‘70s sounds very pessimistic and apocalyptic even.”
The eventuality of a quantum computer—estimated to arrive sometime over the next decade or two—won’t mean the end of information security, as it’s often described. Still, experts say it does demand urgent action from the government.
Parker and fellow Rand scientist Michael Vermeer joined Nextgov’s Critical Update along with the White House’s Charles Tahan to delve into the issue.
“As an absolute last ditch resort, which is obviously not ideal, you know, you could always go back to delivering thumb drives in suitcases,” Parker said. “This is obviously not very scalable, would not integrate very well with online commerce where you want millions of people buying things on Amazon. But even in that sort of absolute worst case, baseline, there will still be ways of securing information, just as there were for, frankly, thousands of years before public key encryption was developed.”
But Tahan and the Biden administration are looking ahead to the development of new algorithms that are even more complicated than the ones currently protecting our communications. Officials at the National Institute of Standards and Technology believe these algorithms will be resistant to quantum computing and are working to incorporate them into a new post-quantum cryptography standard, or PQC, that federal agencies will need to implement.
Vermeer said, partly because the general public isn’t aware of the quantum computing threat, the issue “isn’t going to self-organize” and stressed the importance of Congress getting more involved.
“I would start with oversight over agencies and how they're preparing to do the [PQC] migration,” he said. “Call in leaders, say, 'we know this is an issue, how is your agency going to deal with this to protect the information, to protect the sector that you're concerned with, to make sure there are no issues there, no security lapses?’”
Tahan said more on the administration’s plans and recommendations regarding the larger field of quantum information science can be expected in the fall.