It’s been six years since hackers linked with China breached the US Office of Personnel Management’s computer system and stole sensitive information about millions of federal employees and contractors. It was the sort of information that’s collected during background checks for security clearances––very personal stuff. But not all was lost. Even though there were obviously some massive holes in the OPM’s security setup, some of its data was encrypted. It was useless to the attackers.
Perhaps not for much longer. It’s only a matter of time before even encrypted data is at risk. That’s the view of John Prisco, CEO of Quantum Xchange, a cybersecurity firm based in Bethesda, Maryland. Speaking at the EmTech Future Compute event last week, he said that China’s aggressive pursuit of quantum computing suggests it will eventually have a system capable of figuring out the key to access that data. Current encryption doesn’t stand much of a chance against a quantum system tasked with breaking it.
China is moving forward with a “harvest today, read tomorrow” approach, said Prisco. The country wants to steal as much data as possible, even if it can’t access it yet, because it’s banking on a future when it finally can, he said. Prisco says the China is outspending the US in quantum computing 10 times over. It’s allegedly spending $10 billion alone to build the National Laboratory for Quantum Information Sciences, scheduled to open next year (although this number is disputed). America’s counterpunch is just $1.2 billion over five years toward quantum information science. “We’re not really that safe,” he said.
Part of China’s massive investment has gone toward quantum security itself, including the development of quantum key distribution, or QKD. This involves sending encrypted data as classical bits (strictly binary information) over a fiber-optic network, while sending the keys used to decrypt the information in the form of qubits (which can represent more than just two states, thanks to quantum superposition). The mere act of trying to observe the key changes its state, alerting the sender and receiver of a security breach.
Bu it has its limits. QKD requires sending information-carrying photons over incredibly long distances (tens to hundreds of miles). The best way to do this right now is by installing a fiber-optic network, a costly and time-consuming process.
It’s not foolproof, either. The signals eventually scatter and break down over long stretches of fiber optics, so you need to build nodes that will continue to boost them forward. These networks are also point-to-point only (as opposed to a broadcast connection), so you can communicate with only one other party at a time.
Nevertheless, China looks to be all in on QKD networks. It’s already built a 1,263-mile link between Beijing and Shanghai to deliver quantum keys. And a successful QKD demonstration by the Chinese Micius satellite was reported across the 4,700 miles between Beijing and Vienna.
Even Europe is making aggressive strides: the European Union’s OPENQKD initiative calls for using a combination of fiber optics and satellites to create a QKD-safe communications network covering 13 nations. The US, Prisco argues, is incredibly far behind, for which he blames a lack of urgency. The closest thing it has is a 500-mile fiber-optic cable running down the East Coast. Quantum Xchange has inked a deal to use the cable to create a QKD network that secures data transfers for customers (most notably the financial companies based around New York City).
With Europe and China already taking QKD seriously, Prisco wants to see the US catch up—and fast. “It’s a lot like the space race,” he said. “We really can’t afford to come in second place.”
Update: This story has been amended to note that the funding figures for the National Laboratory for Quantum Information Sciences are disputed among some experts.
Hackers are trying to topple Belarus’s dictator, with help from the inside
Opposition from inside the regime of Alexander Lukashenko is helping hackers run what may be the most comprehensive cyberattack on a nation ever.
2021 has broken the record for zero-day hacking attacks
But the reasons why are complicated—and not all bad news.
This US company sold iPhone hacking tools to UAE spies
An American cybersecurity company was behind a 2016 iPhone hack sold to a group of mercenaries and used by the United Arab Emirates.
Reimagining our pandemic problems with the mindset of an engineer
Grappling with all the uncertainty, the epidemiologist’s role during the pandemic proved confusingly complex. A more pragmatic, problem-solving mindset might help in making good decisions.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.