The simultaneous explosions of thousands of pagers belonging to Hezbollah operatives in Lebanon offers a great example of a stealth supply chain attack that few could have ever predicted. It’s a reminder that a determined adversary can be extremely imaginative in formulating attacks that cut past existing defenses.
With that in mind, let’s discuss how space is a promising venue for crime and piracy. It may not seem that way today, but the rapid growth of commercial space ventures makes it inevitable that malicious actors will seek to disrupt space businesses for profit or hijack valuable cargoes. These threats also affect national security, which is increasingly reliant on space for intelligence, navigation, communications, transportation, and supply chain management.
Our position is that the US government must take action to mitigate the space crime risk now, before the problem starts to affect space industry and national security. Some stakeholders have argued back that this is not a realistic prospect: The government doesn’t do well when it comes to solving problems that don’t exist yet. Except, it can when it wants to. The risk of quantum decryption provides a great example of how the government is capable of taking action to prepare for a hypothetical threat.
Quantum computers, which are early in their technology development lifecycle, take advantage of the quantum properties of subatomic particles to create computational power that’s orders of magnitude faster than current silicon-based computers can deliver. You don’t have to understand the physics involved to see the potential risk inherent in this technology.
A Cryptanalytically Relevant Quantum Computer (CRQC), if and when such a device becomes viable, will be able to crack today’s most impenetrable encryption keys.
A Cryptanalytically Relevant Quantum Computer (CRQC), if and when such a device becomes viable, will be able to crack today’s most impenetrable encryption keys. It would take existing computers centuries to break such keys. It is predicted that a CRQC will be able to accomplish this task in a matter of hours. As a result, virtually all cryptographically protected computer systems, networks, and data repositories will be completely exposed to breach. This would be a disaster of epic proportions affecting finance, commerce, and national security.
This nightmare scenario, known as “Q-Day,” may not come to pass. Quantum computers exist, but they are largely experimental at this point, far from capable of the processing speeds required for a CRQC. It’s impossible to predict if such a technology will ever exist, and if it comes online, whether we’re talking years, decades, or centuries. There’s something of a consensus, however, that CRQCs will become viable within the next 20 years.
The US government is taking the quantum threat seriously. In 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act. The law requires the US government’s Office of Management and Budget (OMB) to prioritize federal agencies’ adoption of encryption that is “quantum resistant.”
In practical terms, the law has led the National Institute of Standards (NIST) to publish three highly advanced cryptographic algorithms for use by entities that need to comply with Federal Information Processing Standards (FIPS). These algorithms are capable of mitigating the quantum threat, as we understand it today. The National Security agency has issued its own requirements for entities that work on National Security Systems (NSS’s), such as the Department of Defense (DoD) and defense contractors.
The Quantum Computing Cybersecurity Preparedness Act demonstrates that the federal government can take practical, effective steps to prepare for a threat that does not currently exist.
The Quantum Computing Cybersecurity Preparedness Act demonstrates that the federal government can take practical, effective steps to prepare for a threat that does not currently exist. It further shows that government bodies, such as NIST and the NSA, can cooperate with private industry partners and academic institutions to develop outstanding countermeasures to this still hypothetical threat.
In our view, this type of action is necessary to prepare for the threat of space crime and piracy. One could argue that the threats are not of equal significance, so the effort is not necessary. Q-Day does represent a global information and security calamity, so the steps to minimize its impact are understandable. However, space is also a domain that the world is less and less able to live without. Disruptions to space commerce and services like communication and navigation—along with threats to military and intelligence uses of space—would be catastrophic for life as we know it.
To be fair, the government is not ignoring space security. Efforts are under way, exemplified by NIST’s emerging standards for satellite cybersecurity. This is an important start, but more needs to be done. Space crime and piracy, as well as a variety of other irregular threats, require a multi-threaded response. Areas of the government, from the Department of State to the DoD, the intelligence community (IC), and others, need to collaborate on solutions. This will not be easy, but the need is compelling. The quantum threat offers an example of how to proceed.
Photo: IBM Q System One Quantum Computer at the Consumer Electronic Show CES 2020
Source: Shutterstock #2419188113
Space Piracy Blog © 2024 by Hugh Taylor and Marc Feldman is licensed under CC BY-NC-ND 4.0