There is no denying that the People’s Republic of China knows how to play a “long game.” Since its foundation after the Second World War, it has slowly gone through multiple efforts to modernize. While some efforts such as the Great Leap Forward may not have had the results that Beijing anticipated, China continues to be a forward-thinking nation. This is certainly evident in how it is now reportedly collecting encrypted data – which could be easily decrypted and accessed when its advanced quantum systems go into operation.
A recent Booz Allen report laid out how China has become a major player in quantum computing, but also is now seeking ways to obtain classified encrypted data.
“By the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals, and chemicals. Quantum-assisted AI, meanwhile, is unlikely to emerge or influence adversary behavior in the foreseeable future,” Booz Allen Hamilton warned last month.
The company further suggested that “CISOs manage strategic risk associated with quantum computers’ influence on Chinese cyber threats by (1) conducting threat modeling to assess changes to organizational risk, (2) developing an organizational strategy for deploying post-quantum encryption, and (3) educating personnel and staying informed.”
Playing Catch Up at Quantum Speed
Beijing is a late adopter to the development of quantum computing – at least compared to the United States, Europe, and Japan. Yet it has been made major strides since 2016, when China launched a 13-year plan to become a top global innovator of cutting-edge technologies, notably quantum. That included a multibillion dollar investment in the technology, as well as the building of an $11 billion National Laboratory for Quantum Information Sciences.
“While much of the cybersecurity world wasn’t looking, quantum computing has quietly moved from fantasy to real life,” explained Saryu Nayyar, CEO of cybersecurity research firm Gurucul.
“In its latest report on cybersecurity and quantum computing, Booz Allen Hamilton documents some of the concerns of China as both a major player in cybersecurity risks and major researcher in quantum computing,” Nayyar told ClearanceJobs via an email. “The report notes that China is likely to be collecting sensitive and encrypted files with the intent of decrypting them with emerging quantum technology at some point in the future.”
Digital Arms Race
Just as China has surged forward with major efforts to build a world class navy, and earlier this year successfully conducted a test launch of a hypersonic missile, it could soon take the lead in the development of quantum computing.
“The arms race to quantum computing ushers in a new era of competitive advantage and cyber risk. CISOs, IT, and business leaders should be acutely mindful of this risk and embrace ‘quantum resistant’ zero trust and SASE architectures that transform the traditional security perimeter into one that’s software, identity and trust based,” warned Rajiv Pimplaskar, chief research officer at cybersecurity firm Veridium.
The concern is that quantum computing could make all current forms of encryption essentially useless, leaving the first nation to develop the technology to have a significant advantage – at least until some form of quantum security can be developed.
“A significant threat is the continued reliance on username and password-based credentials that can guessed, brute forced, phished or decrypted using advanced and emerging computing techniques,” Pimplaskar also explained via an email to ClearanceJobs. “Passwordless authentication promoted by W3C WebAuthN and FIDO Alliance like phone as a token and FIDO2 security keys create an unphishable binding with the user drastically reducing the attack surface for such breaches and making the environment impervious to data breaches and ransomware attacks. Further these improve cost efficiency and reduce user friction enabling ease of adoption for workforce and consumer use cases.”
Solace of Quantum?
However, Nayyar has suggested the danger presented by quantum has been greatly exaggerated – and there could be some solace in that fact.
“Quantum computing promises computations several orders of magnitude faster than traditional binary computing. But while this may offer the potential to decrypt files through sheer brute force, it doesn’t represent a breakthrough in decryption,” she added.
In fact, just as efforts to develop quantum have moved forward, there has been significant progress made with encryption as well. That could be the other half of this digital arms race.
“As encryption technologies have gotten more powerful, it’s not at all clear that brute force quantum computing is the answer,” said Nayyar. “Enterprises and governments investing in encryption should make sure they are using the most powerful algorithms available today, so that it may not be feasible to use quantum computing for decryption. At the very least, it may take several years to break the current state of the art in encryption.”
