Researchers warn network defenders to protect data with long-term value
Dan Gunderman (dangun127)
23 November 2021
Chinese threat actors may increasingly seek to steal sensitive, encrypted data in hopes of decrypting it with quantum computing technology in the years to come, according to a new report. Researchers say Chinese threat actors can target government, private sector and academic data of long-term value, including trade secrets, biometric identification markers, Social Security numbers, criminal records, weapon designs, and research and development around pharmaceuticals, biology, materials science, and chemistry, among others.
In a 32-page report titled “Chinese Threats in the Quantum Era,” researchers at computer consulting firm Booz Allen Hamilton call protecting critical data a cybersecurity imperative, noting that while the benefits of quantum computing are far removed, rapid progress and a realignment focused on next-generation technologies make the threat active, with highly sensitive data held by state actors potentially decrypted by the end of the decade.
Quantum computing differs from classical computing in that it focuses on quantum theory – and the ability of subatomic particles to exist in more than one state at a time – with related devices offering immense capacity for data analysis and simulation. Despite the promise of this method of computing, it has yet to show commercial viability. Still, some computer scientists have predicted measurable progress by the end of the 2020s – on the more optimistic side.
“The threat landscape is changing in very real ways due to quantum, and organizations need to start acting now to ensure their infrastructure and data is protected,” Nate Beach-Westmoreland, chief strategic intelligence officer for cyber threats at Booz Allen Hamilton, told ISMG. “While quantum may not pose a direct threat to most organizations for at least a decade, the deployment of some critical mitigation measures such as post-quantum encryption will also likely take at least a decade. It requires that strategies be developed and resources aligned now, in order to prepare.”
Other experts are also focusing on timing. Ivan Righi, cyber threat intelligence analyst at security firm Digital Shadows, told ISMG that while this collection – pending possible decryption – is a noticeable long-term threat, “It remains to be seen how long it will take for [it] to become a reality.”
A race to perfect technology
Booz Allen Hamilton researchers note that since around 2016, China has become a major center for research and development in quantum computing, backed by substantial political support at the highest levels of its government. Still, the country’s quantum experts have suggested it is falling behind the United States in several quantum categories – although China hopes to overtake the United States by the mid-2020s. While experts say this is unlikely, China could surpass Western countries in early use cases, the report said.
Advances in quantum simulations, the researchers argue, could accelerate the discovery of new drugs, high-performance materials and fertilizers, among other key products. These are areas that align with the country’s strategic economic plan, which historically parallels its economic espionage efforts.
“In the 2020s, Chinese economic espionage will likely steal more and more data that could be used to power quantum simulations,” the researchers say, although they add that Chinese computer scientists are unlikely to be able to break current-generation encryption before 2030. “Still, the overwhelming threat of a rival state with the ability to quickly decrypt all data using current public key encryption generates high risk.”
The authors say that because the moment when state actors break current-generation cryptography will not be immediately known to the public, “intelligence agencies will face a paradox” – and a threat to national and economic security.
The researchers write: “Ultimately, the anticipated cracking of encryption by quantum computers must be treated as a current threat. Any data stolen today that has been encrypted with a quantum non-resistant algorithm will ultimately be accessible to an adversary.”
The researchers say that the US National Institute of Standards and Technology, or NIST, will publish standards for post-quantum encryption in 2021. Those standards are expected to be finalized by 2024, they say, and the US Department of Defense is also carrying out a risk assessment related to quantum computing, for the sake of national security.
“The theft of encrypted documents is changing the calculation of risk, especially for government agencies, as quantum computers improve,” said Ross Rustici, former technical officer at the US Department of Defense. “The takeaway here should be that encryption of data at rest for a number of highly sensitive industries will no longer be sufficient to ensure the confidentiality of its intellectual property. A higher standard of countermeasures will likely become necessary if the company believes that R&D time is the clear market differentiator.”
The researchers offer several tips for strengthening security now to prevent the leak and subsequent use of trade secrets, weapon designs or critical medical data, etc. They include:
- Deploy continuous threat modeling;
- Develop an organizational strategy for the deployment of post-quantum encryption;
- Educate individuals on quantum computing and maintain awareness.
Maintaining awareness, they say, “may have the added benefit of revealing opportunities for strategic investments in new business catalysts, companies and other new opportunities.”
Rustici, who is currently managing director of consulting firm StoneTurn, said: “Businesses need to take a much more nuanced approach to data privacy as encryption weakens, but it ultimately represents incremental changes that can be addressed by having a solid risk assessment and mitigation program.”