Breaking Defense: Describe the security challenges presented by the continued development and introduction of quantum computers.<\/b><\/p>\n Kassebaum:\u00a0<\/b>The root cause of the challenge is the inevitability of quantum computers being able to break the most important cryptographic systems we currently rely on. I call it \u2018inevitable\u2019 because there\u2019s no known law of physics that prohibits us from building these devices, and, sure enough, progress continues to be made to improve their performance.<\/p>\n There are two slightly different motivators that come from that same root cause. One is the risk of Store Now, Decrypt Later (SNDL) attacks against the confidentiality of your communications. These attacks include bad actors stealing all of your current data and information, even if it is encrypted, with the goal in mind to decrypt the data once quantum computers are available to decrypt it.<\/p>\n The other motivator is the risk that the interdependent web of trust and hardware systems we rely on for authentication will take too long to migrate to quantum resistant cryptography before useful quantum computers become real.<\/p>\n Breaking Defense: How does Zero Trust apply to the scenarios you\u2019ve described?<\/b><\/p>\n Kassebaum:<\/b>\u00a0Zero trust writ large is like a philosophy, a set of principles that says \u2018never trust anybody or any system.\u2019 Instead, you must become completely reliant on authentication mechanisms and identity access management (IAM) systems. You have to assume that your cybersecurity firewall has been breached and you need to protect everything inside that firewall individually.<\/p>\n The philosophy or principles of Zero Trust cannot be adhered to unless you have the strongest cryptography possible, so you don\u2019t have a Zero Trust system if you don\u2019t use post-quantum cryptography. In other words, cryptography will become your weakest link if you don\u2019t properly execute a Zero Trust cybersecurity posture including post quantum cryptography.<\/p>\n Breaking Defense: Why is that your weakest link?<\/b><\/p>\n Kassebaum:<\/b>\u00a0Let me give a recent example from the news. We read that a suite of executives who run a major IT company had their emails hacked. Russian state actors were doing what\u2019s called \u2018password spraying\u2019 by trying to guess common passwords.<\/p>\n The hackers found a test email system that the company was presumably unaware of which was susceptible to email spraying. That email account had high privileges and access to important files, networks, and permissions inside the company\u2019s system.<\/p>\n This is an example of not following Zero Trust principles because that email system should have had its privileges revoked after the testing was done. It only needed those high privileges during the testing and it should have immediately had those revoked once the testing was complete.<\/p>\n Our cryptographic management solution called SandboxAQ Security Suite regularly monitors your cryptographic assets, such as keys, and how they\u2019re used, such as authentication processes. Our solution would\u2019ve identified how this test email system\u2019s credentials were being used, that the credentials were unusually old, raised a flag in a report, and given best practice advice on how to mitigate the risks.<\/p>\n Cryptographic asset management is one of the foundations to continuously verifying that your system is actually following Zero Trust principles.<\/p>\n Breaking Defense: In a store now, decrypt later attack, what sort of military data might have value 20 years from now?<\/b><\/p>\n Kassebaum:<\/b>\u00a0People would be concerned about any of the advanced technologies that underpin our weapon systems such as stealth materials, navigation capabilities and sensors. For example, we see countries like Iran reverse engineering downed drones, and their process can be aided by data stolen off government networks<\/p>\n This important data and others like it have a shelf life that should and has lasted many decades. These capabilities, and many more like them, have high levels of sophistication and engineering that we must protect from our adversaries to maintain a competitive advantage.<\/p>\n Let me give another poignant example. The identities of Human Intelligence operatives, where they and their families live, and other sensitive information could be deciphered and put to use to harm them long after they\u2019ve retired from their jobs.<\/p>\n Breaking Defense: DISA chose SandboxAQ for the Prototype Quantum Resistant Cryptography Public Key Infrastructure program under an OTA. Tell us about this contract.<\/b><\/p>\n Kassebaum:<\/b>\u00a0DISA selected SandboxAQ and our partners to test core parts of a PKI resistant to cryptographic analysis and exploitation by future quantum computers, to ensure that it will perform as quickly as their current PKI at scale. A PKI is that web of trust I mentioned earlier that\u2019s critical for authentication. DISA has the largest network of machines and users of any one institution in the world, so this problem is especially exacerbated for them. And as a government agency, the pace of procurement processes make it even more important to get started migrating to a quantum-resistant PKI now.<\/p>\n Breaking Defense: You\u2019re partnered with Microsoft and Deloitte on the DISA PKI OTA. Tell us about team responsibilities.<\/b><\/p>\n Kassebaum:<\/b>\u00a0Microsoft and Deloitte have had decade long relationships with DISA and through this contract, Microsoft is providing our test harness and Deloitte is providing integration and services support.<\/p>\n![\"\"](\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2024\/03\/Dr.webp\")