Understanding Quantum Security Essential In Mitigating Risk Of Newest Cyber Threat

Recent revelations about Chinese-backed cyber actor BlackTech are a reminder of our evolving threat landscape. BlackTech has been infiltrating routers to gain undetectable backdoor access to company networks in the United States and Japan. These incidents underscore the vulnerabilities of data being transmitted across unknown or adversarial networks. An equally immanent threat, Harvest Now, Decrypt Later (HNDL), is attacking the data transmission itself, as reported on HelpNetSecurity.com.

With the HNDL strategy, malicious actors harvest data at points of high data concentration during data transmission and plan to decrypt it later, possibly by utilizing future quantum computers that are capable of breaking current encryption standards. The emphasis of HNDL threats is on high-value, long-term data assets like trade secrets or intellectual property.

Understanding quantum security is essential in mitigating the risk of HNDL attacks. Once asymmetric encryption (which is currently not quantum-safe) is broken, session keys and symmetric keys are exposed. Mitigation therefore involves either using quantum-secure encryption or eliminating the transmission of encryption keys.

To secure data, organizations need to take proactive measures in securing data against quantum risks. Legal Ops professionals should communicate with the company’s Chief Information Security Officer (CISO) about implementing these possible solutions:

1. Conduct a comprehensive cryptographic inventory, including where the keys are stored, how they’re managed, and where they originate and end, as well as identifying any use of quantum-at-risk algorithms.
2. Evaluate whether to eliminate key transmissions or leverage quantum-secure solutions that complement the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standards.
3. Plan to migrate to NIST PQC standards, which provide a robust framework for quantum-resistant cryptographic methods.

By taking steps to adhere to PQC standards and ensure a resilient, future-ready cryptographic defense, organizations of all sizes can create a secure digital future.