By ROBERT HACKETT
Inside the stark and sweeping Eero Saarinen-styled exterior of the Thomas J. Watson Research Center in Yorktown Heights, IBM’s blue jeans-wearing boffins are assembling a new generation of super-powered computers built on quantum mechanical principles. These otherworldly machines dangle from sturdy, metal frames, looking like golden chandeliers, or robotic beehives. The devices perform their magical-seeming operations inside vacuum-sealed, super-cooled refrigerator encasements. It’s a technology that combines both brains and beauty.
Future iterations of these quantum computers will be able to solve mathematical problems ordinary computers have no hope of computing. They will vastly speed up classical calculations, accurately model complex natural phenomena like chemical reactions, and open as yet unexplored frontiers for scientific inquiry. Despite seeming arcane, machines like these will touch every aspect of our lives—from drug discovery to digital security.
This latter area presents significant challenges. One advantage quantum computers have over traditional ones is a knack for factoring large numbers, an operation so difficult for present-day computers that it has become the foundation for almost all today’s encryption schemes, the code-making that underpins data confidentiality. A sufficiently advanced quantum computer, on the other hand, can chew through these math problems with the destructive force of that metal-melting Xenomorph blood in the Alien film franchise. The prospect of quantum computing necessitates a complete rethinking of cryptography.
Today’s encryption may be rendered obsolete sooner than most people anticipate. As Adam Langley, a senior software engineer at Google, has pointed out in a recent blog post, some experts predict this latter-day Y2K could occur within the decade. Michele Mosca, cofounder of the Institute for Quantum Computing in Waterloo, Ontario, has estimated a 1-in-7 chance that quantum breakthroughs will defeat RSA-2048, a common encryption standard, by 2026. If that’s true, then the time to begin reengineering our digital defenses is now. As Langley writes, waiting around for guidance on standards “seems dangerous.”
Buttressing Langley’s view is a recent paper out of the National Academies of Sciences, Engineering, and Medicine. The research organization determined that, while the advent of an encryption-busting quantum computer is unlikely within the decade, preparations to defend against one must be undertaken as soon as possible. Since web standards take more than a decade to implement, a press release accompanying the paper warned, developing new, attack-resistant algorithms “is critical now.”
The era of quantum computation fast approaches. Fortune 500 companies like IBM, Google, Microsoft, and Intel, are plugging away on the tech alongside smaller startups, like Calif.-based Rigetti. Nation states like China are, meanwhile, dumping billions of dollars into research and development. Whichever entity achieves so-called quantum supremacy first will find itself in possession of unprecedented power—the equivalent of X-Ray goggles for the Internet. That is, unless we act with urgency to armor up.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortunereporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
THREATS
Photobomb. Facebook disclosed that a bug in its software may have exposed up to 6.8 million users’ private photos to app developers. Photos uploaded to the site but not shared on a person’s timeline, as well as photos shared on services such as Facebook Stories and Facebook Marketplace, were said to be potentially affected. Facebook said in a blog post that the since-fixed issue lasted 12 days from Sept. 13 to Sept. 25, and that the company would notify people who were impacted.
She’s a super freak. An external audit of Supermicro, the IT firm at the center of a widely disputed Bloomberg Businessweek report that alleged the presence of Chinese spy chips on the motherboards the company sells, said it found no such malicious implants. Independent investigators turned up no evidence of eavesdropping equipment in their review of current and former models of Supermicro devices. Bloomberg declined to comment on the findings.
Let’s see the replay. A government report has concluded that Equifax, in the lead-up to its disastrous 2017 hack, effectively cared more about making money than securing people’s data. “Had the company taken action to address its observable security issues prior to this cyber attack, the data breach could have been prevented,” said the House Oversight Committee report, which was prepared by the committee’s Republican staff. Equifax responded saying that the report contained “significant inaccuracies.”
Grandmother, what big eyes you have! Android customers should rethink their security. Forbesreporter Thomas Fox-Brewster used a 3D-printed version of his head to defeat the facial recognition lock on several Android phones, including an LG G7 ThinQ, a Samsung S9, a Samsung Note 8, and a OnePlus 6. The iPhone X is the only device that remained, according to Fox-Brewster, “impenetrable.”
We know where you live. A New York Times investigation dug into the shady economy of consumer location-tracking. Reporters discovered they could easily—and with fine granularity—monitor people’s movements as they traveled to their offices, homes, doctor appointments, and schoolyards. Here’s how you can limit the data collected by your apps and devices.
Act of God. A precedent-setting lawsuit is underway between Mondelez, the Fortune 500 snack-maker behind brands such as Nabisco, Oreo, and Cadbury, and Zurich American Insurance Company, its insurance provider. After a global cyberattack dubbed “NotPetya”—widely attributed to Russia—cost Mondelez more than $100 million in losses last year, the food giant filed a claim for coverage. Zurich has declined to reimburse its client, arguing that it is exempt from doing so under an exclusion policy for acts of war by foreign powers. Robert Stines, a partner at the Chicago-based law firm Freeborn, recently drew attention to the dispute with a perspicacious blog post on his website, TechLawX.
Zurich’s position that NotPetya was a hostile or warlike act by a government or sovereign power might be the first of its kind, and should send a ripple through the insurance industry.
In a previous article, I briefly discussed the risk of having “cyber insurance” that excludes warlike or terrorist activity. For a company in the United States, there is little risk of property damage or loss from a warlike or terrorist attack. Rather than pay a higher premium for a policy that covers warlike or terrorist activity, companies happily accept policies with an exclusion. In the cyber age, however, risk managers may have to reconsider whether paying a lower premium is a smart decision in a world where cyber incidents are frequently perpetrated by state-sponsored actors.
The burden will fall on Zurich to prove NotPetya was indeed perpetrated by the Kremlin, which denies all involvement. It’s an unenviable position; in the murky world of cyberwar, definitive attribution can be an onerous proposition.
No comments:
Post a Comment