On Monday, March 21 the Biden administration issued a stark warning to commercial businesses and critical infrastructure operators: be prepared and lockdown your cyber defenses, citing “evolving intelligence that the Russian Government is exploring options for potential cyberattacks” against the U.S.
This comes as no surprise if we think back to the Colonial Pipeline attack. Although the rEvil ransomware gang was ultimately found responsible, much evidence exists that these organizations are protected, if not sponsored, by their hosting governments. Similar circumstantial evidence exists around WhisperGate, which first appeared on Ukrainian government computers in mid-January.
Like NotPetya, a Russian-sponsored attack that cost an estimated $10 billion worth of damages, WhisperGate first appears as ransomware. But rather than encrypting files and forcing users to pay ransom to get them back, the files are simply destroyed. In response, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up alert encouraging all U.S. organizations to adopt a heightened security posture to protect critical assets and essential services.
The Colonial Pipeline attack and resulting disruptions serves as a prime example of just how important protecting critical infrastructure is to national security and the daily lives of the citizenry. The ice storm that hit Texas in 2021 is another recent example of the far reaching and devastating consequences of a critical infrastructure breakdown. While not a cyberattack, degradation of the electric grid left hundreds of thousands of households without adequate heat, putting lives in danger.
Measures like Shields Up and Biden’s cautionary warning this week are intended to reduce the likelihood of a damaging cyber intrusion, but we know that threats from nation-state actors will continue to increase in volume and sophistication. In the case of the Ukraine invasion, we see how warfare is not just boots on the ground, but fingers on the keyboard. Also known as the fifth dimension of warfare – land, sea, air, space, and cyber.
While most assume cyberattacks will be launched using conventional, binary computers, imagine the catastrophic consequences of a large-scale quantum attack on critical infrastructure. In the hands of the enemy, a quantum computer capable of destroying RSA- encrypted data would have devastating effects on our critical infrastructure and economy. It’s no different than the fear of conventional warfare going nuclear.
The Hudson Institute’s Risking Apocalypse? Quantum Computers and the U.S. Power Grid is a good read on just how vulnerable the power grid is to cyberattacks and how a quantum attack could break the back of the U.S. economy.
For some, quantum attacks or Y2Q, is just a distant scenario or research simulation model done by think tanks. But we know nation states like Russia, China, Iran and North Korea are stealing our encrypted data, waiting for the day a quantum computer can break its encryption – an attack known as harvesting.
While government and industry spent an estimated $600 billion fixing or upgrading systems to get ready for Y2K, Y2Q doesn’t offer a “worst case scenario” date to prepare against. And, we would argue, Y2Q goes well beyond protecting data to protecting the infrastructure in which our entire digital lives and economy resides.
In the new eBook, “The Great Crypto Migration: Preparing Your Organization for a Multiyear Post-Quantum Cryptography Transition,” Quantum Xchange explores lessons learned from Y2K, why today’s environment and attack surface differs, and government’s response to the threat via the NIST PQC Project which states: “It is critical to begin planning for the replacement of hardware, software and services that use public-key algorithms now so that information is protected from future attacks.”
Investing in quantum-safe cyber defenses early will help ensure the safety of the nation, and if deploying Phio TX from Quantum Xchange, immediately improve an organization’s overall cybersecurity posture while demonstrating they are a security-forward organization with customer trust, business resiliency, and network stability top-of-mind.
Quantum Xchange can help your organizations become NIST-standard ready. Contact us today.