WASHINGTON — The U.S. Department of Defense must assess the national security threats posed by quantum computing, under the new annual defense policy.
The fiscal 2021 National Defense Authorization Act, which became law New Year’s Day after the Senate overrode President Donald Trump’s veto, contained a provision that directed the department to deliver a report to Congress that provides a “comprehensive assessment of the current and potential threats and risks posed by quantum computing technologies to critical national security systems.”
“[Cryptology] is … the backbone of much of our security,” said Joël Alwen, chief cryptographer at Wickr, a secure collaboration platform.
Powerful quantum computers pose a danger to national security because they will be able to break current encryption capabilities, meaning secure communications under current systems will be nearly impossible. On the flip side, adversaries with quantum capabilities will be able to communicate securely without fear of interception by the U.S., unless it achieves its own quantum computer.
“Quantum computing may allow adversaries to decrypt [unclassified, classified or sensitive] information, which could enable them to target U.S. personnel and military operations,” a November Congressional Research Service report warned.
The Department must identify and prioritize critical national security systems at risk by quantum computing. The assessment must be completed by Dec. 31, 2021, and the secretary of defense must brief defense committees by February next year. Assessing the risk posed by the emerging technology, Alwen said, includes understanding the criticality of the systems that need protected.
“It’s a combination of the technical understanding of what the risk really is, mixed with understanding of the content, the data and what its value is, and what exposure of that data represents,” Alwen said.
The Pentagon must outline its needs to be secure in a world of quantum computing and any funding shortfalls in public and private sector efforts to develop quantum-resistant cryptology. The assessment must also include a review of the standards under development by the National Institute of Standards and Technology for quantum-resistant cryptology, as well as an evaluation of alternative quantum-resistant algorithms.
Additionally, Congress wants the department’s recommendations for “research, development and acquisition activities” to secure critical national security systems.
Meanwhile, the emerging technologies directorate at the Defense Information Systems Agency, the Pentagon’s IT support agency, has started to explore quantum-resistant technologies. At an event last month, Stephen Wallace, systems innovation scientist at the directorate, told reporters that the Defense Department needed to prepare now for adversaries’ future quantum capabilities.
“Frankly, our adversaries likely won’t advertise the fact that they’ve achieved a quantum computer,” Wallace said. “We have to have crypto algorithms in place prior to that to allow us to continue in a safe position.”