It’s been six years since hackers linked with China breached the US Office of Personnel Management’s computer system and stole sensitive information about millions of federal employees and contractors. It was the sort of information that’s collected during background checks for security clearances––very personal stuff. But not all was lost. Even though there were obviously some massive holes in the OPM’s security setup, some of its data was encrypted. It was useless to the attackers.
Perhaps not for much longer. It’s only a matter of time before even encrypted data is at risk. That’s the view of John Prisco, CEO of Quantum Xchange, a cybersecurity firm based in Bethesda, Maryland. Speaking at the EmTech Future Compute event last week, he said that China’s aggressive pursuit of quantum computing suggests it will eventually have a system capable of figuring out the key to access that data. Current encryption doesn’t stand much of a chance against a quantum system tasked with breaking it.
China is moving forward with a “harvest today, read tomorrow” approach, said Prisco. The country wants to steal as much data as possible, even if it can’t access it yet, because it’s banking on a future when it finally can, he said. Prisco says the China is outspending the US in quantum computing 10 times over. It’s allegedly spending $10 billion alone to build the National Laboratory for Quantum Information Sciences, scheduled to open next year (although this number is disputed). America’s counterpunch is just $1.2 billion over five years toward quantum information science. “We’re not really that safe,” he said.
Part of China’s massive investment has gone toward quantum security itself, including the development of quantum key distribution, or QKD. This involves sending encrypted data as classical bits (strictly binary information) over a fiber-optic network, while sending the keys used to decrypt the information in the form of qubits (which can represent more than just two states, thanks to quantum superposition). The mere act of trying to observe the key changes its state, alerting the sender and receiver of a security breach.
Bu it has its limits. QKD requires sending information-carrying photons over incredibly long distances (tens to hundreds of miles). The best way to do this right now is by installing a fiber-optic network, a costly and time-consuming process.
It’s not foolproof, either. The signals eventually scatter and break down over long stretches of fiber optics, so you need to build nodes that will continue to boost them forward. These networks are also point-to-point only (as opposed to a broadcast connection), so you can communicate with only one other party at a time.
Nevertheless, China looks to be all in on QKD networks. It’s already built a 1,263-mile link between Beijing and Shanghai to deliver quantum keys. And a successful QKD demonstration by the Chinese Micius satellite was reported across the 4,700 miles between Beijing and Vienna.
Even Europe is making aggressive strides: the European Union’s OPENQKD initiative calls for using a combination of fiber optics and satellites to create a QKD-safe communications network covering 13 nations. The US, Prisco argues, is incredibly far behind, for which he blames a lack of urgency. The closest thing it has is a 500-mile fiber-optic cable running down the East Coast. Quantum Xchange has inked a deal to use the cable to create a QKD network that secures data transfers for customers (most notably the financial companies based around New York City).
With Europe and China already taking QKD seriously, Prisco wants to see the US catch up—and fast. “It’s a lot like the space race,” he said. “We really can’t afford to come in second place.”
Update: This story has been amended to note that the funding figures for the National Laboratory for Quantum Information Sciences are disputed among some experts.
Quantum computing has a hype problem
Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.
These hackers showed just how easy it is to target critical infrastructure
Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.
Russia hacked an American satellite company one hour before the Ukraine invasion
The attack on Viasat showcases cyber’s emerging role in modern warfare.
Russian hackers tried to bring down Ukraine’s power grid to help the invasion
As Russia’s ground war stalls, hackers attempted to cause a blackout for two million people.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.