Much Is At Stake as the Quantum Threat Emerges
By Roberta Faux, BlackHorse Solutions, Inc.
International Cryptographic Module Conference Overview
Last week, global leaders across commercial cryptographic sectors met virtually for the 8th International Cryptographic Module Conference (ICMC20). Each year, hundreds of participants from around the world gather to review the latest technical issues underlying cryptographic implementation including physical security, key management, side-channel analysis, open-source development, algorithm testing, quantum threats, embedded applications, standardization, validation programs, government policy, and more.
The conference is divided into nine tracks, one of the most popular tracks being dedicated to Post-Quantum Cryptography (PQC). Mike Kushin, CEO of BlackHorse Solutions, gave a sobering presentation on the “Unique Challenges for Adopting PQC in the National Security Realm.” To learn more about Mr. Kushin's presentation, visit: https://icmconference.org/?session=quantum-safe-crypto-for-national-security-needs-q21a
An Urgent Problem
Legacy systems are under a growing threat as sensitive communications are being collected today by adversaries for decryption in the future when large scale quantum computers are available. This is known as the “harvest now, decrypt later” attack. Although new quantum-safe standards will be published in the next few years, many USG organizations are facing mounting challenges for transition planning to quantum-safe algorithms. Quantum-resistant algorithms are needed as soon as possible to protect USG information with long term value such as:
- National defense strategy
- Protection of U.S. cryptologic or weapon systems
- Sensitive US foreign relations
- Potential vulnerabilities to emergency preparedness plans or critical infrastructure
Cryptographic migration is now an urgent issue.
A Call to Action
The US military deals with many factors to ensure the security of communication and information, and to protect against espionage and cyberattacks. There are a vast number of encryption products that are employed in network traffic analytics, endpoint security, firewall solutions, encrypted voice solutions, and digital data encryptors. Mr. Kushin warned that the sheer size of the military and its multifaceted requirements warrant a holistic USG approach. Unfortunately, to date efforts have been minimal and fragmented. There is still a lack of direction to ensure a coordinated effort on the transition to quantum-safe cryptography.
What is at Risk?
There are many competing solutions with various tradeoffs and thus much confusion about how best to move forward. The complexity of migration needs more research to better understand how interoperability and other complexities will be addressed. Mr. Kushin identified numerous challenges such as:
- Current lack of standardization
- Nomenclature confusion
- Misinformation in the marketplace
- Little or no customer education
- Lack of migration planning
- Short-sighted planning
When organizations are misinformed, they risk not taking timely actions, creating fragmented solutions, and potentially inadvertently introducing unforeseen vulnerabilities.
As NIST prepares standards for quantum-resistant algorithms, we must ensure solutions will work in real-world military use cases especially those requiring FIPS compliance. Government vendors need to understand requirements early on and have incentives to proactively build in solutions that will be a security against future large-scale quantum computers. We cannot jeopardize our national security by underestimating this challenge.
BlackHorse Quantum-Safe VPN
Mr. Kushin announced a new product currently being developed by BlackHorse: a quantum-safe VPN. The BlackHorse VPN uses NIST round three algorithms and it can be layered into a FIPS-140 environment today.
“The same way doctors and scientists have created therapeutics for COVID-19 ahead of a vaccine, BlackHorse has created our Quantum-Safe VPN as a therapeutic against data harvesting well ahead of standards.”
BlackHorse Solutions hopes to allow entities to operate with today’s (non-quantum-safe) security standards and simultaneously layer in quantum-safe security until classical infrastructure is migrated.
BlackHorse is a rapidly growing technology company in the national security space. Headquartered in Herndon, VA, we support our nation’s most pressing national security needs through contracts with the Department of Defense, Intelligence Community, and other Government agencies. BlackHorse has openings in some of the most exciting areas of National Security, which can be found at https://www.blackhorsesolutions.com/. We can also be found on LinkedIn, Twitter, Facebook, and Instagram; follow us!