America dodged a major cyber bullet this past weekend, although the end-result of the ransomware attack on the Colonial Pipeline has been disruptive enough, producing economic shock across the country and gas lines in the Northeast.
Still, if the still-unidentified hackers had wanted to break into the technology operating the pipeline, instead of looking for easy blackmail money; the attack could have been catastrophic with effects lasting for months, even years. Instead, operators shut down the pipeline themselves to prevent such an occurrence from happening: a clear admission of how vulnerable our energy grid is, just like our power grid, even after a decade or more of warnings.
Taken together with the weather-related Texas power outage more than a month ago, the pipeline attack is a clear and present warning—with trillions of dollars in losses at stake. Unless we get serious about protecting our power and energy infrastructure, attacks like this weekend’s will become more disastrous and more disruptive, until we face the worst of all—a future quantum computer attack that breaks the back of the entire United States economy.
it is really committed to action this time. But we’ve been here before. In 2007 we had the sweeping cyberattack on the U.S. government, including the Defense Department; an attack so comprehensive that I and others dubbed it a More recently we had the hacking raid on OPM in 2015, affecting the records of at least 20 million federal employees. That was followed by the revelations about the Solar Winds hacks last year.
Yet here we are, still vulnerable, still exposed. It’s as if after the bombs were dropped on Pearl Harbor that Sunday morning in December 1941, Americans had read about the crippling of the U.S. fleet, then rolled over and went back to sleep.
Sleeping through cyber disasters is no longer an option. Fortunately, the emerging technologies of the quantum revolution offer solutions both long-term and short-term to our worst infrastructure threats—including a future quantum computer attack itself.
The first solution are software algorithms that are specifically designed to protect against future quantum computer assault. Under the rubric of post-quantum cryptography (PQC), these algorithms are also insurance against conventional cyberattacks. At the National Institute of Standards and Technology (NIST) scientists and engineers are diligently preparing which are slated to be finished by 2024 and will then be ready to deploy to protect all public encryption. These algorithms will be eagerly awaited since they will provide protection against classical hackers, as well—indeed there are companies like Canada’s ISARA Corp. which have been deploying PQC algorithms already.
The second quantum solution is even closer at hand. It uses the same scientific phenomenon that makes quantum computing possible—the entanglement of sub-atomic particles—to provide hack-proof keys for communication between end-to-end users.
Some of these quantum-based cryptographic systems use quantum random number generators to produce quantum encryption keys. Another company, Qubitekk, produces entangled photons to generate identical symmetric keys at both ends of the communication link. In either case any unauthorized intrusion into the communication immediately severs the link—and everyone knows instantly there’s been an attack.
These quantum-based solutions are especially suited for the Supervisory Control and Data Acquisition (SCADA) systems that control and monitor field devices from a central command center. Utilities and infrastructure companies have used SCADA for years to administer power stations and pipelines. These rely heavily on point-to-point communications for their operations, while communication protocols continually transfer data from sensors to SCADA servers, and back to the sensors. Quantum-based cryptography can offer tamper-proof protections for these protocols. Scientists at both at Oak Ridge Laboratories and Los Alamos on quantum key distribution (QKD) capabilities to secure the energy sector. A range of American and European companies have successfully deployed similar quantum key networks for their clients.
Taken together, then, quantum solutions can secure systems now and in the future against quantum computer attacks. It simply doesn’t make sense to spend billions on classical cyber protections that will be obsolete in 3-4 years as hackers inevitably find their way around those safeguards, instead of investing in quantum-based hack-proof protections that will last for decades.
Thanks to our on-going cyber vulnerabilities, America has become like a bank vault with the door wide open. We’re simply inviting attackers, and when a truly determined predator like Russia or China steps in, it could mean ruin for the U.S. economy, not just for a few months or a year, but for good. Quantum technology may not offer all the answers, but it may be the ultimate firewall we’ve all been waiting for—and that state and non-state hackers have been hoping we wouldn’t discover.
Read in