WASHINGTON — The U.S. Defense Information Systems Agency has begun monitoring encryption capabilities that could protect defense communications from powerful quantum computers, a top technology official said Thursday.
At DISA’s annual forecast to industry, Stephen Wallace, systems innovation scientist at the agency’s emerging technology directorate, said that quantum-resistant encryption is a new technological area of focus for the agency in fiscal 2021. Quantum-resistant technology is only in the “monitor” stage, Wallace said, and DISA officials are working to get a better understanding of what the technology will mean in the future.
“We are not looking to stand up quantum computers, but we are looking to understand how quantum computers will impact our ability to defend our networks going forward,” Wallace told reporters on a conference call after the event.
Quantum-resistant encryption is becoming increasingly important as near-peer adversaries, including China, work to develop quantum computing capabilities that will be powerful enough to break current encryption capabilities. Though still years away, quantum computers would make secure communications nearly impossible.
He noted that DISA, the DoD’s combat IT support agency, has no active projects on quantum-resistant technology, but told reporters that the agency would like to move “fairly quickly.” Wallace said he believed that quantum computing will become a real threat in the next few years.
“Frankly, our adversaries likely won’t advertise the fact that they’ve achieved a quantum computer,” Wallace told reporters. “We have to have crypto algorithms in place prior to that to allow us to continue in a safe position.”
DISA is looking to partner with the Department of Commerce’s National Institute of Standards and Technology and the National Security Agency that have work underway on quantum-resistant computing, he said. In the future, he said DISA could “quite possibly” put out solicitations on quantum-resistant encryption.
DISA, which has an annual budget of about $9.4 billion and is responsible for DoD network security, is also looking at new cybersecurity measures in fiscal 2021. Wallace said the emerging technology directorate is monitoring encrypted traffic analysis solutions to better detect anomalies in network activity that could pinpoint malware in communications while files are in motion across the network.
The agency wants to improve email security by expanding a Cloud-Based Internet Isolation award that created a protective buffer between DoD users’ internet traffic and DoD networks.
“Now we’re thinking we can take some of those same technologies and apply them to the problem around email and attachments,” Wallace said on the webinar.
The COVID-19 pandemic forced DISA to rethink the DoD’s network perimeter as employees worked from home and introduced new cybersecurity risks. That discussion includes zero-trust cybersecurity concepts, which inherently distrust users, Wallace said. The agency this week released its revised strategic plan for fiscal 2021-2022, which identified zero-trust as an enabling activity for its revised cyber defense priority area.
“We’re actively planning how we can handle perimeter evolution,” Wallace said.
On the conference call with reporters, Wallace added that the COVID-19 pandemic had a significant impact on the new focus areas that the emerging technology directorate chose to focus on in fiscal 2021. Another capability that the directorate plans to learn more about this fiscal year is a concept called telepresence, or technologies that makes someone feel present at a physical meeting location from a remote location. DISA is making a push in remote access to classified information, an effort that was underway but accelerated due to the pandemic. In fiscal 2021, DISA plans to prototype that technology.
“The importance of that [remote classified access] ... was substantially more once COVID hit and our environment changed,” Wallace told reporters.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.