Quantum computing is poised to significantly impact space networks, with 2022 marking a pivotal year for quantum regulations. One of the most notable advances came when the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) finalized a principal set of encryption algorithms in August, which are designed to withstand cyberattacks from a quantum computer. These algorithms represent the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project and are ready for immediate use. This development heralds a new era for cybersecurity, particularly for industries reliant on traditional cryptographic measures.
The Importance of Post-Quantum Cryptography Standards
Roger Grimes, a data-driven defense evangelist at KnowBe4, emphasizes the importance of these standards in an interview with Space Security Sentinel. Grimes has pointed out that while the U.S. government has been advising organizations to prepare for the post-quantum era since 2016, meaningful actions could not be taken until the official post-quantum cryptography standards were released. With these new standards now available, Grimes advocates that organizations need to commence projects dedicated to this transition, starting with a thorough data protection inventory. This inventory will help determine what data and systems need upgrading or replacing, a fundamental step in securing a post-quantum future.
Compliance with NIST/FIPS standards will likely impact all software, hardware, and firmware, particularly in the satellite and aerospace sectors. Given the unique dynamics of how technology is used and acquired in this industry, updating or replacing cryptography is notably challenging, especially for technology built more than a decade ago. Grimes urges companies in these sectors to establish and resource official project teams promptly and to start data protection inventories if they have not already done so. The objective is to facilitate crypto-agility, a concept designed to make the upgrading or replacing of existing cryptography with newer solutions significantly easier.
Challenges in the Satellite Industry
Grimes describes the satellite industry’s cryptographic practices as outdated. Cryptography in this sector is often deeply embedded in firmware, making it hard to upgrade. This firmware generally lacks the appropriate CPU and memory handling requirements needed for newer algorithms. Additionally, replacing or upgrading this cryptography is often more difficult than necessary. Grimes stresses that anyone considering the satellite or aerospace sector as cutting-edge in terms of cryptography should reassess their views since many aspects remain behind compared to other industries.
Despite evolving approaches in the launch and acquisition of satellites—which now occur in shorter time frames—the satellite sector remains behind many other sectors. The concept of crypto-agility is especially critical in this context, as it facilitates easier upgrades or replacements of existing cryptographic measures with newer, more secure solutions. However, the unique challenges faced by the satellite industry, including longer technology life cycles and stringent regulatory requirements, render this task particularly daunting. Nonetheless, overcoming these hurdles is essential for maintaining the integrity and security of satellite networks in the quantum era.
The Urgency of Transitioning to Quantum-Resistant Ciphers
Looking to the future, Grimes asserts that the quantum era is already here, with the U.S. government aiming for organizations to use post-quantum cryptography by 2030. However, he believes this target date is too conservative, arguing that significant advancements in quantum computing and cryptography have already been made. Grimes speculates that a ‘quantum crypto break,’ where quantum computers could effectively break traditional cryptographic ciphers, might have already occurred or will occur well before 2030. This potential scenario underscores the urgency for organizations to transition to quantum-resistant ciphers as soon as possible.
Quantum computers of sufficient capability could potentially decrypt traditional quantum-susceptible cryptography quickly. Ciphers such as RSA, Diffie-Hellman, Elliptical Curve Cryptography, El-Gamal, and symmetric key sizes smaller than 192 bits are mentioned as particularly vulnerable. These ciphers underpin much of the world’s digital infrastructure, including WiFi, HTTPS, smart cards, banks, credit cards, and cryptocurrencies. Failing to transition to quantum-resistant ciphers before quantum computers become widely available puts encrypted data and authentication at significant risk. This risk extends not only to industries like the satellite sector but also to broader cybersecurity landscapes.
Nation-State Threats and Cybersecurity Concerns
Nation-state attacks on satellite infrastructure have also become a very real and likely scenario. Grimes notes that nation-state attacks are more normalized now than they were a decade ago, affecting not just traditional targets like politicians, media, and military, but also regular organizations including those in critical infrastructure sectors. He advises organizations to assume that adversaries have advanced capabilities and to adjust their defenses accordingly. Grimes underscores the inevitability of satellite technologies being increasingly targeted in cyber warfare, considering it unwise to wait for public announcements of attacks to take action.
In the broader cybersecurity landscape, traditional attack methods like social engineering, unpatched software, and misconfiguration remain dominant concerns. Grimes acknowledges the growing role of AI in enhancing these attacks but cautions against shifting focus away from addressing traditional vulnerabilities. The essence of cybersecurity remains the same: fixing the basics. He suggests that while cyber attack methodologies may evolve, the core principles of effective cybersecurity—covering bases such as patching software, configuring systems securely, and training individuals—remain unchanged.
Preparing for the Quantum Future
Quantum computing is set to revolutionize space networks, with key developments in 2022 marking a significant turning point for quantum regulations. A major milestone occurred in August when the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) completed a crucial set of encryption algorithms. These algorithms are designed to defend against cyberattacks from quantum computers and are now ready for implementation. This achievement signifies the first established standards from NIST’s post-quantum cryptography (PQC) standardization initiative. The introduction of these algorithms signals a transformative shift in cybersecurity, especially for sectors that have heavily depended on traditional cryptographic methods. As industries adapt to these new standards, they’re entering a new era of enhanced security, ensuring robust protection against the forthcoming capabilities of quantum computing. Both the public and private sectors must be proactive in adopting these measures to safeguard their digital environments against future cyber threats.
