Pages

28 February 2024

The Western economy is about to be dealt a devastating blow

Karl Holmqvist

The modern Western world is dependent on undependable technology. From healthcare to banking, communications to infrastructure – electricity grids, water supplies, sewage systems and trains – we rely on complex systems that do what they do, when they’re meant to. For this to work, these systems must be secure against attack.

However, as shown by recent ransomware attacks on everything from hospitals to libraries, we often aren’t ready for sophisticated attacks on our technology. Our systems were built to be operationally reliable, but were not designed to be resilient to the efforts of determined adversaries who want our information or money. And this situation could get significantly worse. New technology has put a timer on our current security methods.

We are rapidly connecting the critical components of the most important systems that keep our economy running to the internet. The cornerstone of the current security practices that make this safe is cryptography; encoding information so that only the intended recipient can decipher it. Our current cryptographic techniques are highly secure against current technologies. They are totally unready for the quantum age and the new types of attacks our adversaries are aggressively developing.

Last year, the cybersecurity community was stirred by a sensational claim that RSA, the most widely deployed asymmetric encryption algorithm, had been cracked by a new method harnessing properties of quantum mechanics augmented by AI. This story passed without disaster. But at some point, quantum computers capable of breaking our current system will be here. Researchers and institutes around the world are pouring tens of billions of dollars into quantum computing, and the timelines for working devices are shrinking.

While there are many promising applications in science and medicine for a large quantum computer, one of the first specific and proven applications will be breaking cryptography. This means that RSA’s immunity, and the security of all the cryptographic systems powering our Internet connected society, may soon be in doubt. Last year’s announcement was a shot across the bows for the Western world. The next breakthrough could be real.

In 1994, the American mathematician Peter Shor proved that a large enough quantum computer would totally undermine the security of RSA based cryptography by efficiently solving the mathematically intractable problem of factoring large numbers. Over 20 years ago a research team at IBM deployed Shor’s algorithm in a lab environment, proving the theory is not just impractical maths. “Classical” computers – of the sort you’re reading this on – find this task almost impossible in any practical timeframes. While our current quantum computers are relatively small, they are developing rapidly, and once they are large enough everything we thought was secure is open access.

There are ways of addressing this. Quantum-resistant algorithms already exist. But the West is sleepwalking into disaster. Given that almost every Internet connected device will require software or hardware upgrades, businesses, governments and even individuals should be taking pre-emptive measures to upgrade our digital fortifications. If we do this now, we can stave off the worst of the damage.

But the clock is ticking. Even now, there are warnings of massive data harvesting operations being undertaken by adversarial state bodies. Encrypted data is hoovered up and stored, waiting against the day when successful decryption is available. And there is no clear or exact timeline to Q-day – the date when a quantum computer capable of this task is operational. It could be this year or next; it could take a decade or more. That uncertainty, in this case, puts the balance of risks firmly in favour of acting early. Some companies aren’t waiting; Apple announced this week that they are rolling out post-quantum encryption for its iMessage service and Google has been deploying quantum resilient systems over the last year.

The best time to deploy resilient countermeasures to ensure our secrets remain secret and our systems secure was yesterday. The next best time is today. Q-day is inching closer minute by minute. If we wait until it’s here to deploy quantum resilient systems, we will be acting too late – and the very fabric of our economies will be vulnerable to attack.

No comments:

Post a Comment