Pentagon Rushes to Adopt Quantum-Resistant Cryptography Amid Hacking Fears

The US Department of Defense is racing against time to modernize its defenses against quantum hacking, a threat that could compromise its networks and operations. Deputy CIO for Cybersecurity David McKeown emphasized the need to think ahead of adversaries like China, which is developing a quantum computer capable of breaking military-grade encryptions.

The Pentagon currently uses decades-old cryptographic algorithms to secure its non-classified and secret classification networks, but these are vulnerable to quantum hacking. To address this, the National Institute of Standards and Technology (NIST) has released three new post-quantum encryption algorithms, with plans for additional releases in the future.

The goal is to migrate all high-priority systems to quantum-resistant cryptography by 2035, a deadline that may be challenging for large organizations like the Defense Department. McKeown highlighted the complexity of this effort, which involves developing and testing new algorithms, as well as replacing hundreds of thousands of endpoints with updated encryption technologies.

Modernizing Defenses Against Quantum Hacking: A Critical Priority for the Pentagon

The Department of Defense (DoD) has identified modernizing its cryptographic algorithms as a top priority to ensure the security of its networks and operations. This effort is crucial in light of the potential threat posed by quantum hacking, which could compromise the department’s critical information.

Deputy CIO for Cybersecurity David McKeown emphasized that the DoD needs to think ahead and develop algorithms that can meet the adversary’s ability to crack them. The process of developing and using coded algorithms to protect data is known as cryptography. Cryptographic algorithms are used to secure both non-classified and secret classification networks, protecting critical information from being hacked by adversaries like China.

The current cryptographic algorithms used by the DoD are decades old, and the National Security Agency (NSA) is leading the effort to modernize them. The NSA heavily relies on algorithms developed by the National Institute of Standards and Technology (NIST). In August, NIST released three new post-quantum encryption algorithms, with plans to release additional algorithms in the future.

The Challenges of Cryptographic Modernization

The process of developing a new cryptographic algorithm takes around a decade, followed by testing and certification by the NSA. Once certified, the DoD will need to conduct operational tests and validation with each of the military services and components. This is a complex and time-consuming process, involving hundreds of thousands of endpoints that need to be touched and updated.

McKeown highlighted the scope and scale of replacing cryptographic algorithms, emphasizing that it’s an extremely long timeline. Even when new algorithms are fielded, the DoD will have to continuously work to ensure both the hardware and software components are up-to-date. This includes finding innovative and efficient ways to do encryption, such as using double-wrapping encryption techniques to add extra layers of security.

The DoD’s CIO has been working to enumerate the department’s algorithms that are vulnerable to quantum hacking so that they can be fixed. This involves looking through the entire inventory of encryption used on everything and figuring out what needs to be replaced. The department will then need to work with vendors and the community to get the upgrades and field them, ensuring that new quantum-resistant cryptography is employed throughout the department.

NIST plans to migrate all high-priority systems to quantum-resistant cryptography by 2035, a deadline that could be challenging for organizations as large as the DoD. The department will need to work efficiently and effectively to meet this deadline, ensuring that its critical information remains secure.

McKeown emphasized that even when new cryptographic algorithms are fielded, the DoD will have to continuously work to ensure both the hardware and software components are up-to-date. This is a long-term effort that requires sustained investment and attention to detail. The department must remain vigilant and proactive in addressing emerging threats, ensuring that its defenses against quantum hacking remain robust and effective.