A new report from Booz Allen Hamilton warns that sophisticated threat actors including China are likely to soon start stealing encrypted data from the U.S. government and private sector in the hopes of being able to decrypt the data years from now using quantum computing technologies.
China does not yet have the ability to use quantum tech to decrypt encrypted data now, but may get there by the end of the current decade, the report says. Likely targets for the steal-now/decrypt-later strategy may involve American government data and data from industries including pharmaceutical, chemical, and material science research, the report says.
The report states that while the benefits of quantum computing are still a way off, data decryption still poses a high risk in the current decade, even with a low probability of actualization.
“The likelihood of China developing the ability to break current generation encryption with quantum computers before 2030 is very small,” the report says. “Still, the outsized threat of a rival state possessing the ability to rapidly decrypt any data using current public-key encryption generates high risk.”
“Encrypted data with intelligence longevity, like biometric markers, covert intelligence officer and source identities, Social Security numbers, and weapons’ designs, may be increasingly stolen under the expectation that they can eventually be decrypted,” the report says.
For key stakeholders and the owners of this sort of data, the report makes three recommendations: to “conduct threat modeling to assess changes to organizational risk,” educate employees about quantum and stay aware of any developments, and develop a strategy for “deploying post-quantum encryption.”
The report notes that post-quantum encryption could take a decade or longer for implementation. The report also suggests that while China is here to stay as a quantum competitor, the threat of quantum-assisted artificial intelligence is likely decades off.
