In May, President Biden signed two presidential directives to bolster quantum information science in the U.S. with a special focus on cybersecurity. 

Post-Quantum is one of four finalists in the National Institute of Standards and Technology (NIST) competition to set post-quantum cryptography standards and has worked with high-profile organizations including NATO in the trialing of a quantum-safe VPN.

Post-Quantum CEO Andersen Cheng began alerting the cybersecurity community that quantum computing posed a threat to encryption as early as 2009, before most people had even heard of it. While quantum computing is still a nascent technology, he argues that government and industry bodies should prepare now.

“Back in 2009, the common opinion was it was just not possible,” he says. “Even now, in the public domain, people say quantum computing is 10 to 20 years away. In the cyber world, they say it’s five to 10 years away, but in the intelligence world it’s just three to five years away.”

Cheng says he coined the phrase “harvest now; decrypt later” six years ago, to describe threat actors intercepting internet traffic and storing it for later decryption when practical quantum computers come into existence.

While it was previously widely disputed, even the likes of GCHQ and the NSA now admit it’s happening right in front of their eyes, says Cheng, noting that Border Gateway Protocol (BGP), which dictates the route internet communications take, is a threat point.

“If I want to communicate with you over the internet, you need a domain, which I look up on the Domain Name System (DNS). The BGP tells me the route to get there. That can be broken and diverted to another entity or server somewhere, then people can collect the traffic without being able to decrypt it,” Cheng explains.

“That's been happening in the past few years, and from time to time you would have internet traffic suddenly getting rerouted to a server in Eastern Europe or Russia, for no apparent reason, then the back to normal two, three hours later.

“The only sensible conclusion is maybe people are diverting it to steal the data now. And it didn't just happen to just like some tiny ISPs; some of the big names as well, like AWS and Yahoo. So, it's not science fiction anymore.”

Cheng says President Biden launching the quantum initiative is extremely important because it serves as the impetus for organizations to carry out the quantum migration that they may have been putting off up until now.

Similarly, the National Institute of Standards and Technology (NIST) has been running a multi-year competition to set post-quantum cryptography standards. Announcing a winner has been delayed from March but it is now imminent off the back of the presidential initiatives.

“We understand that they have decided on the technical end a long time ago, but now there's just some IP or patent issues to be addressed,” explains Cheng.

“But because of the executive order, people say they just cannot delay any more. because the migration is a multi-year effort. It can easily take up to 10 years, if not longer, because every single device or e-commerce platform we use today has to be upgraded. The first beneficiary of this huge migration will be the consulting firms and systems integrators because today it is like Y2K happening every day.“