The Quantum Codebreaker: Governments vs. the Next Big Threat

Petra: Welcome to Deep Pockets with Petra Söderling, the show about governments and innovation. With each episode we bring you a person and a topic that is part of this larger concept of how countries and regions can create economic advantage by investing in innovation. We're now in season 4. 

Can you believe it? I call this season the random rendezvous. After organizing, scripting, interviewing, editing and marketing 27 episodes, I wanted to give myself a little slack. This season I will invite interesting people I meet online in events or through work. It will be an open mic approach, no scripting, no theme, just me and the guest talking about whatever we feel like, for how long we feel like. Our theme song is by New Orleans Jazz icon Leroy Jones. 

I hope you enjoy this and other episodes. Across the globe, national governments are beginning to prepare for the opportunities but also to the threats that quantum computers will introduce. Even though quantum computers are not in wide use yet, it is well known that they have the potential to break the encryption system that is in use in most modern computing systems, the 2048 bit RSA encryption. In the hands of a bad actor, a quantum computer could easily break into our current banks, healthcare systems, infrastructure management systems, corporations and national securities. 

Even if these quantum computers are not available to bad actors yet, people with malicious intent may be collecting our data now in order to break the encryption later. In other words, the sooner our governments implement protective measures, the better. From a public standpoint, the levels of preparation range from detailed communications on which security system updates to prioritize, efforts to standardize technologies and to future focused mandates such as the recent recommendation by the European Commission for EU member states to define and jointly coordinate an EU level post-quantum cryptography coordinated implementation roadmap. 

Let's take a closer look at the range in preparation in the US, Europe and Asia. In the studio today, I have my colleague Danika Hannon, a bachelor of science and a cyber security grad student. Danika is the deputy head of the Quantum Strategy Institute, QSI, whose goal is to drive the consumer adoption of quantum computing. In her role with QSI, Danika writes thought leadership on quantum computing and business development. She is certified in math prerequisites for quantum and remote data science program. Danika is also linked in top voices on quantum 2024. Welcome back to DeepPockets Danika. 

Danika: Thanks Petra, it's great to be back. 

Petra: Nice to have you. Before we go into the topic of national quantum strategies, tell our listeners a bit about yourself. How did you become interested in something as complex and specific like cyber security and quantum? 

Danika: So this has been a years-long journey to get into both cyber security and quantum computing. For quantum computing, I first learned about quantum mechanics not long after I graduated from my undergrad and I was hooked just right out of the gate of oh this is so interesting and it's something that I started studying on my own time. 

I read as many books and journal articles as I also love problem solving and teamwork. The more I studied about quantum mechanics, the more it occurred to me, you know, I'm spending so much time on this, I should see if I can join the industry somehow. But I love business and I didn't want to focus entirely on physics problems. I wanted to find something that blended quantum mechanics and business together and that's where quantum computing came in. Once that clicked, I started doing a lot of volunteering in the quantum computing space. I was a co-organizer of the Minnesota Quantum Computing Meetup. 

I began volunteering for Woman in Quantum. After that, I served as a business advisor for a food and agricultural startup called Bolts AI. From there, I went on to join Cambridge Quantum, which merged with Honeywell Quantum Solutions to become Quantinuum. And along the way, I was able to join the Quantum Strategy Institute. So I've been remarkably fortunate with quantum to be able to have this strong personal interest in the quantum mechanics and the physics of this, and then also the drive to understand business problems and how the physics and the business fits together. And that's what really pulled me into quantum. From the cybersecurity standpoint, I started paying attention to hackers when they were first becoming a global phenomenon. People weren't really sure what was going on with it, but it was starting to gather the public's attention outside of the cybersecurity industry. 

That was back in 2013. So here we are now in 2024, and I'm earning a master's degree in cybersecurity. And in between those, in between those two points, I kept paying really close attention to cybersecurity and learning about, oh, wow, you know, here's another space that's highly complex, it's technical, and it's also remarkably human. Whenever you look at an attacker's behavior, you can start to break down, why are they doing this, what are they after, and how are they doing it? 

And then from a defensive standpoint, you can look at things in the same way of what do I have that's valuable for someone to want to take, how do I defend that? So as those two interests in quantum computing and cybersecurity started to come together, there's this rich space with global post quantum cryptography strategies that you and I have really been researching. And it has been so much fun to watch these two areas come together. 

But from a personal standpoint, the way that I got into these spaces is by having a strong sense of curiosity and just diving in and researching and meeting people and getting excited about this stuff. 

Petra: Yeah, yeah, that is so fascinating. And also thank you for inviting me to the Women in Quantum. So it's all thanks to you that that I'm also excited about quantum. 

So thank you for sharing this, Danica. Let's talk about the threats that quantum computers could pose to our national securities. Do you agree with the introduction that I read in the beginning on this topic? 

Danika: Yes, I completely agree with you. Since the idea of quantum computers were first introduced, there's been a running joke that the technology is always 10 years away. But now we're at a point where the threat of a 2048 bit encryption being, of 2048 bit RSA encryption being at risk is slowly becoming a reality. 

And what we're seeing now is global governments responding to this threat. For public resources, there's a ton of information out there. Different US government agencies have provided detailed guidance on how to prepare for the quantum threat all the way down to the order in which assets need to be protected. In Europe and Asia are offering more high level guidance with the EU in particular stating that their member states should coordinate an EU level post quantum cryptography coordinated implementation roadmap. So in terms of how global governments are responding, we're seeing different approaches being taken on the US, Europe and Asia, which makes us a very exciting area to watch. 

Petra: Yeah, let's break it down. Thank you. So you are American as we can hear from your accent. You're recording this from the beautiful state of Colorado. What can you tell us about the US government? What are they doing more specifically? 

Danika: The US is moving quickly to get safeguards in place. After launching the National Quantum Initiative and the National Quantum Initiative Act in 2018, the government's been energizing both national labs and private companies to work on solving these issues. More recently, the Secretary of Commerce approved four algorithms and they were standardized by the National Institute of Standards and Technology or NIST. And these four PQC standards include a public key mechanism, crystals, fiber, and three digital signature, digital signature schemes. 

These are crystals, dilithium, falcon and Sphinx plus. So according to NIST, it is intended that these algorithms will be capable of protecting sensitive US government information well into the foreseeable future, including after the advent of quantum computers. The National Security Agency at NSA has already taken a fast track approach. And instead of waiting for NIST to finalize algorithms, back in 2022, they began implementing crystals, kyber and crystals, dilithium in its national security systems. Ultimately, the NSA is updating aiming to update all their systems by 2033. 

Petra: And thank you. And I should say that we will have the episode transcript on our website, petrosoddling.com, because we are both using a lot of names and acronyms that might not stick with the listener. 

Okay, so you can go and read all the terminology on our website. So that's the US. What about Europe? I did mention that they have this coordinated roadmap. Are they, they're as worried as the US? 

Danika: Europe is forward thinking. So Europe launched the quantum flagship and associated budget also in 2018 to consolidate and expand European scientific leadership and quantum technologies. And looking forward, the European Commission has made several announcements that contribute to addressing a threat. First, the Euro QCI, which is a highly secure pan European communication network based on quantum technology. Euro QCI will enhance security for data centers, communication networks and critical infrastructure like hospitals and power plants via quantum safe fiber optics and satellite. In conjunction with that, the project Nostradamus, which is a testing infrastructure for European quantum key distribution or QKD companies, is there for companies to test their products. These QKD products will be used in Euro QCI and other related public and private connections. Second, we have the European Commission, which announced in 2024 that it will be creating a PQC coordinated implementation roadmap. 

The purpose of this coordinated roadmap is to make sure that European member states are working towards a quantum strategy and their transition to post quantum photography. With regards to standards, both the European Union Agency for Cybersecurity or NISA and the European Commission recommends that Europe develops, evaluates and adopts a common European set of common European PQC. 

Petra: PQC. PQC. What we're trying to say here is that the European Commission recommends that Europe develops, evaluates and adopts common European PQC standards. So on the topic of the European Union, European Commission recommendation for the post quantum cryptography coordinated roadmap, our team, so Petr Soudering and Co, including myself and Danika, and several other topic experts that we have in the team are here to help EU governments with writing their PQC roadmaps. So Danika, you and I also did a study for the Quantum Strategy Institute on how Asian countries are looking at quantum safety. Tell us about that study. 

Danika: So as Asia is not a region that would have a unified quantum governance body, we did research on a country level and combined it into a summarized article. What we're seeing is that early indicators in our reporting show that quantum key distribution is the preferred solution over a more comprehensive algorithm or algorithm supported hardware infrastructure. Of the eight Asian countries that have publicly available information of their post quantum cryptography strategies, India is the only one that has recommended NIST algorithms. Although it's worth noting that they recommend PQC as a primary solution and NIST as a secondary solution. 

From an implementation standpoint, QKD is a costly solution that requires new infrastructure and advocating for QKD, Asian countries will need to dedicate funding to the implementation and ongoing maintenance for that infrastructure. 

Petra: Thank you. That was a very quick look into post quantum cryptography. So we are definitely also going to post more material on our website. I do have one final question for you, Danika. What are you looking forward to this Labor Day 2024 when we are recording this episode? What gets you excited? 

Danika: Tomorrow is the start of fall semester, and this is my final semester before I graduate with my cybersecurity master's degree. Only 14 weeks stand between me and the finish line. I am thrilled about that. 

Petra: That is so cool. This has been a Deep Pockets interview with Danika Hännel. Thank you so much for coming back to the show. Thank you, Patra. You've listened to Deep Pockets with Petra Söderling. To subscribe to content, please go to PetraSöderling.com. The wonderful music you heard is by Leroy Jones, an iconic New Orleans jazz hall of fame trumpetist. 

You can find this and other Leroy Jones tunes at your favorite online or offline music store. Thanks for listening, and be sure to subscribe, like, rate, and share our episodes. It means a lot to me and to my guests. Thank you.