[By Paul Fuegner – QuSecure]
The rapid advances we are seeing in emerging technologies like AI, ML and quantum computing will have a devastating impact on organizations not prepared and who have not considered updating existing modes of asymmetric data encryption. As nation-states and threat actors continue to work hard to gain the upper hand, find new ways to infiltrate and steal data, it is very possible that our adversaries will gain the ability to decrypt virtually every secret possessed by the United States government and private industry that relies on asymmetric encryption. From your bank accounts to the nuclear codes and all data in between is at risk now for this scenario known as steal now, decrypt later (SNDL), otherwise known as screwed now, destroyed later.
Many cyberattacks are already automated, yet if we add in AI’s learning potential, these attacks could be dramatically increased in size, scale and disruption. With quantum, early planning is necessary as cyber threat actors are targeting data today that would still require protection in the future – the plan “steal now, decrypt later” plan.
Quantum is coming at a faster pace than anyone previously contemplated. In addition, the unprecedented power of quantum computers might enable nation-states and threat actors to crack the digital encryption system upon which the modern information and communication infrastructure depends. By breaking that encryption, quantum computing could jeopardize military communications, financial transactions, the support system for the global economy and even the foundations of liberty from which our society operates.
Add in the potential for AI to increase cyber threats exponentially, CISA, NSA, and NIST urge organizations to begin preparing now by creating quantum-readiness roadmaps, applying risk assessments and analysis, and engaging vendors to test solutions that involve crypto agility and quantum resilience leading to a zero-trust architecture.
Changes That Can Happen Right Now – Crypto Agility is a Must Have
Crypto agility allows organizations to apply any of the NIST Post Quantum Cryptography (PQC) candidates or their own custom developed algorithms. Quantum-resilience providers then create a hyper encrypted trusted channel resilient to the threat of decryption from quantum-based computers. Any adversary will be unable to identify that PQC has been employed and will waste valuable time and compute power collecting data that they will never be able to decrypt.
Much of the cryptography that we use today was first invented in the late ’70s. Most of our society fundamentally runs on the same cryptographic schemes, albeit with increased key sizes. And while these cryptographic methods might be effective against classical computers, they simply do not stand a chance against the combined force of AI and quantum computing.
Here are some steps that you can take to bolster defenses for an AI / Quantum future:
1. Begin with a cryptographic assessment:
This will help determine which cryptographic schemes you are using, where they are located, and which ones are most vulnerable to AI and quantum attacks. This can help in identifying any weaknesses or vulnerabilities in these algorithms or deployments, leading to the development of more secure cryptographic techniques.
2. Implement an orchestrated, cryptographic agility approach:
This means you have an effortless way to change cryptography if it is breached, or for any other reason. Orchestrated cryptographic agility, powered by AI, could have the potential to stay one step ahead of attackers by shifting algorithms and keys so hackers see no consistent patterns. Given that multiple post-quantum algorithms are being proposed and developed, AI can assist in determining which of these algorithms is best suited for a particular use case, based on factors such as security, performance and available resources.
3. Consider quantum resilient technologies:
There are several innovative technologies to consider when aiming to ensure cyber resilience within your organization. Post-quantum cryptography (PQC), for example, uses new cryptographic algorithms that are resistant to quantum computers and may also help with AI-based attacks. You can learn more about new, approved cybersecurity standards by going to the National Institute of Standards and Technology (NIST) website.
4. Address the entire network including servers, cloud and edge:
Think of phones, laptops, servers behind the firewall, cloud-based servers and even satellites. For rapid scalable, advanced cryptographic deployment, look for PQC that can be deployed without installing anything on edge devices. This will make it much easier and quicker to secure your organization as there is no change to the endpoint or user experience.
5. Use AI and ML for security:
AI or machine learning (ML) can be used to manage and dynamically update security policies based on the threat landscape. Think of active defense, active attack mitigation and more to ensure that you are set for the future.
6. Use AI for cryptanalysis:
AI can be used for cryptanalysis of post-quantum cryptographic algorithms. This can help in identifying any weaknesses or vulnerabilities in these algorithms, leading to the development of more secure cryptographic techniques.
It is important to know that new quantum safe encryption methods can be deployed now. The challenge is to make them work with existing encryption algorithms. Through crypto-agility, advanced quantum secure encryption solutions can map the network and identify which encryption algorithms and protocols are being employed for security between endpoints and servers. These solutions can deploy a proxy that can “speak” with each protocol being used between clients and encapsulate the data being sent with post-quantum resilient encryption.
The days of relying on outdated encryption algorithms are gone. Don’t let the fear of quantum computing hold you back from achieving digital transformation and quantum safety today. The time is now to understand AI and quantum threats and work to ensure your data and networks are resilient against powerful unexpected adversarial threats. Too much is at stake to find yourself screwed now and destroyed later.
