banner

Thales Blog

Anatomy of a Quantum Attack

April 28, 2022

April Burghardt | Quantum Xchange More About This Author >

Next-generation cyberattacks are often summarized as ransomware, man-in-the-middle, brute-force, phishing, insider, or malware attacks. Each present a unique set of challenges and require equally powerful next-generation cyber security. But another, far more damaging, attack vector is looming – quantum attack.

Advanced computers, quantum being one, have the potential to wreak havoc on the data, systems, devices, and networks we rely on daily. A conventional computer would need 300 trillion years to break RSA encryption – considered the gold standard for Public Key Encryption (PKE). A quantum computer will be able to do it in 10 seconds!

For most commercial businesses, countermeasures against cyberattacks are about preserving data privacy, integrity, and security. Keeping critical, high-value data away from the prying eyes of hackers and out of the hands of state-sponsored actors. But for networks that manage critical infrastructure, the threat and motivation behind bad acts goes beyond financial motivations. The system itself, and what the system produces, is the high-value target.

Research by the Organization of American States found cyberattacks against critical infrastructure and manufacturing are more likely to target industrial control systems than steal data. More than half (54 percent) of the 500 critical infrastructure suppliers surveyed reported attempts to control systems, while 40 percent said they had experienced attempts to shut down systems entirely.

While most assume cyberattacks will be launched using conventional, binary computers, imagine the catastrophic consequences of a large-scale quantum attack on critical infrastructure. During a recent webinar, we discussed the potential impacts from a quantum-age cyberattack and the scenarios are chilling. In the hands of the enemy, a quantum computer capable of destroying RSA- encrypted data would have devastating effects on our critical infrastructure and economy. It’s no different than the fear of conventional warfare going nuclear. Yet, we know adversaries are stealing our encrypted data, waiting for the day a quantum computer can break its encryption – an attack known as harvesting.

Another area ripe for exploitation by cybercriminals and state-sponsored actors is Space. Either exploited by military groups or criminal gangs, attacks on satellites, their systems, and base stations on Earth are seeing a steady uptick. More than 4,000 satellites are currently orbiting Earth with thousands more planned to launch by private industry the likes of SpaceX, Amazon, OneWeb and others. While this lowered barrier to entry increases innovation and discovery, it also increases the number of potential access points for hackers.

Elon Musk knows this to be true. Recent signal jamming of SpaceX Starlink satellites above conflict areas in the Ukraine forced him to announce a reallocation of resources toward cyber defense. Keeping space technology infrastructure and communications safe is a growing concern of the U.S. government. Legislation proposed by U.S. House of Representatives Ted Lieu and Ken Calvert aims to classify space as critical infrastructure to boost public-private collaboration on cybersecurity matters.

As the Information Age gives way to the Quantum Age of computing it will require the largest global cryptographic transition in the history of computing. NATO, the U.S. government, the EU and other global institutions and governments around the world are preparing now for quantum attacks or Y2Q – the day a quantum computer breaks encryption.

As mentioned earlier, the White House has taken a leading role, recently issuing NSM-8, a national security memorandum that builds on the original Executive Order 14028 issued on May 12, 2021 to improve the nation’s cybersecurity and protect federal government networks. NSM-8 sets forth new requirements that are equivalent to, or exceeds, the cybersecurity requirements within Executive Order 14028 including an emphasis on all federal agencies adopting quantum-resistant algorithms in 180 days.

Still, many organizations are taking a flawed “wait and see” attitude when it comes to crypto migration planning, waiting for NIST to announce its final post-quantum cryptography (PQC) algorithms as standard. But failure to act now is delaying the inevitable at a cost that could be far greater than imaged. There are important risk factors to consider when planning a large-scale crypto migration, replacing legacy encryption with NIST-backed PQCs could take years, even decades to complete. In the meantime, your critical data and communications networks could be at risk.

Accessing the true threat and potential damages of quantum cyberattacks on industry and critical infrastructure is the topic of a recent BrightTALK webinar. Data security experts from Thales and Quantum Xchange discussed the anatomy of a quantum attack, what’s being done to prepare, and solutions available today to future-proof your data networks from whatever threat awaits.

Tune into our latest on-demand webinar on Assessing the True Threat and Potential Damage of Quantum Computing Cyberattacks, for better understanding of quantum attacks.