7
Findings
This chapter consolidates the findings from the previous chapters. For completeness, it also repeats the summaries of risks and actions for the Intelligence Community that were documented at the end of Chapter 5's discussion of the scenarios that the committee identified.
FINDINGS FROM CHAPTER 2 (INTRODUCTION TO ENCRYPTION)
FINDING 2.1: Stateful digital signatures based on hash functions are practical today and will remain secure even if large-scale quantum computers are practical or if new number theoretic attacks are developed that affect other quantum-resistant signature algorithms. These algorithms may be appropriate for use in specific scenarios such as firmware signing. While their wide application would pose some difficulties for system implementers, they would provide a viable digital signature option for some use cases in the event that a cryptanalytic breakthrough rendered other digital signature algorithms vulnerable.
FINDING 2.2: For smaller-scale applications within a single sophisticated organization with little tolerance for the possible risks to public-key cryptography (whether from a mathematical advance or quantum computers), it may be possible to use key distribution centers (KDCs) to replace or augment some uses of public-key cryptography. Because of the different trust models and attack surface, deploying KDCs to replace public-key cryptographic functions in open settings like Hypertext Transfer Protocol Secure (HTTPS) would be difficult technically, politically, and logistically.
FINDING 2.3: If an organization has encrypted information in the past using keys negotiated with an algorithm that later becomes vulnerable to cryptanalysis by a quantum or classical computer, there is little that the organization can do at the cryptographic level to prevent future decryption of ciphertexts that have already been intercepted and stored by an adversary. Organizations in that situation may be best served by understanding their risks from decryption of previously encrypted information, assembling an inventory of such information, and taking measures to limit the damage in the event that information is decrypted in the future.
FINDING 2.4: The research community continues to make improvements in the technology of computation on encrypted data. Such improvements can be expected to enable new ways of securely sharing both government and private-sector information.
FINDINGS FROM CHAPTER 4 (DRIVERS)
Findings Pertaining to Scientific Advances
FINDING 4.1: Most of the current public scientific expertise in algorithm design, cryptanalysis, and other areas of applied cryptography is outside the United States, largely in Europe. In contrast, within the United States, cryptography is taught as an area of theoretical computer science. The specific areas of expertise necessary to guide and facilitate the transition to post-quantum cryptography are relatively new and will require a more robust educational pipeline to train new talent.¹ Public research investment, through the National Science Foundation and other organizations, would encourage this process, while strict U.S. export control regulations have historically discouraged talent from locating in the United States.
FINDING 4.2: An improvement in asymmetric cryptanalysis algorithms could have a significant effect on the security of public key encryption algorithms that are in wide use today. Such an improvement would enable more efficient attacks on encrypted information using conventional computers rather than requiring the construction of a quantum computer. Furthermore, it could potentially be exploited in secret and with little or no advance notice.
Findings Pertaining to Society and Governance
FINDING 4.3: It is difficult to predict what mix of low or high levels of government regulation of cryptocurrencies will occur. Low levels of regulation will be subject to criticism for facilitating criminal activity. High levels of regulation will be subject to criticism for excessive surveillance. Market and technological factors further make it difficult to predict future growth in the sector. Because of this uncertainty, the extent to which intelligence agencies will retain, increase, or decrease their access to financial, transactional information is also uncertain.
FINDING 4.4: Forces for both globalization and fragmentation will be present. Even if the committee were in a position to predict whether globalization or fragmentation were more likely to prevail, these trends are complex and interrelated. Some trends reinforce themselves and others prompt opposite reactions. Thus, it is difficult to determine which forces are likely to prevail on any given issue. In theory, this means that the Intelligence Community will need to be prepared for alternative extremes—for example, a world in which authoritarian governments weaken or ban encryption in ordinary communications, and a world in which governments support pervasive use of encryption citing privacy and security concerns. Because that preparation is impossible to sustain over any meaningful period, there will be a premium on accurate detection of trends at the earliest possible stage and managing the risk of an incorrect assessment.
FINDING 4.5: The Internet and increasing technological interdependence promote globalization. The shared experience of individuals around the globe owing to information and communications being instantly and ubiquitously available is a powerful cause of international commonality. That factor, along with convergence of technologies, ever-increasing global interdependence on all levels and across economic and political sectors, the continued growth of world trade and the likely ongoing increase in the role of the private sector, with its constant drive for efficiency and common standards, will tend to powerfully mold the world in a unified way, increasing the likelihood that nations around the world will take similar approaches to issues relevant to encryption.
___________________
1 To understand the cryptographic landscape, one must receive a Ph.D. in cryptography with at least 3–5 years of highly specialized training in graduate school. Even though the information is freely available on the Internet, the sheer volume of information and high degree of specialization means that without hands-on advising, it is nearly impossible to learn the skillset necessary to become proficient in cryptography.
FINDING 4.6: Governmental regulation, for better or worse, of communications technology may lead to fragmentation on national lines. National security concerns have the effect, whether specifically intended or not, of creating competing national technologies—by limiting the exports of sensitive technology or by curtailing imports of equipment that may permit surreptitious surveillance by a foreign manufacturer or its government. Potent forces are present, for both beneficial and malicious reasons, that could predispose the global arrangement toward individual nationalistic or regional solutions to issues bearing on encryption. In many countries, there is growing support for “digital sovereignty,” a term that can mean various things ranging from having regulatory decisions made nationally instead of by Silicon Valley, and support for protectionist trade policies, to segmenting the Internet by blocking communications with other countries. In addition, national regulations to promote online competition, enhance cybersecurity, curtail hate speech, and protect citizens’ data privacy might well vary significantly around the globe and even in geopolitical regions where there might otherwise be commonality. A rise in citizens’ mistrust of governments (especially in the area of surveillance) might lead to a corresponding growth in the use of encrypted communications (both to avoid government surveillance and in response to general privacy concerns). Moreover, individual countries or blocs of like-minded countries might impose (or continue to impose) substantive communications content requirements enabled by technological distinctions at national levels, including, for example, banning or discouraging end-to-end encryption (so as to permit government surveillance), or mandating a variety of governmental access to otherwise encrypted communications (perhaps through required turnover of encryption keys to authorities or insisting on the use of specified encryption schemes).
Findings Pertaining to Systems
FINDING 4.7: In most cases, a common set of security protocols and cryptographic algorithms is used globally, and systems and networks today are largely interoperable. This may not remain the case; the factors that led to this interoperability are weakening, and pressures to create national and regional differences are growing.
FINDING 4.8: In every scenario, bugs in software and operational errors are the weakest links in security.²
FINDING 4.9: Communications and storage depend on a software stack: hypervisor (a program that allows a computer to run several operating systems simultaneously), operating system, libraries, and application. While quantum computers or mathematical advances are important research topics, bugs or operational mistakes in this stack are the biggest source of system insecurity. Exploiting these errors is, and likely will remain, the biggest opportunity for offense, and minimizing them the highest priority for defense.
FINDING 4.10: The United States needs far more data security expertise than is currently available, and these needs are growing substantially. The failure to meet these needs could have significant and widespread ramifications both for national security and the private sector. All software developers and computer scientists require basic competence in computer security. In addition, a growing number of people will require deep expertise in security. The required skills are not easy to teach, as students need both security-focused knowledge and a deep technical knowledge across multiple subjects and layers of abstraction. If the U.S. educational system does not meet these needs, or if the United States becomes a less attractive destination for students, researchers, and entrepreneurs born in other countries, the shortage will be much worse. Technological changes may rapidly increase demand for rare skills or may reduce demand by enabling tasks that currently require exceptionally skilled individuals to be performed by a broader range of people.
___________________
2 T. Armerding, 2016, “The OPM Breach Report: A Long Time Coming,” CSO Online, October 13, https://www.csoonline.com/article/3130682/the-opm-breach-report-a-long-time-coming.html.
FINDING 4.11: Practical knowledge about the security of cryptographic systems will continue to be widely disseminated across the globe. Effective work (offensive or defensive) can be performed by a few skilled individuals. As a result, unlike areas where a country can obtain dominant capabilities by incurring costs that other countries cannot afford, many countries will have significant data security capabilities and none will be dominant.
FINDING 4.12: The transition to post-quantum cryptography is likely to be prolonged over many years. It may also provide a rationale for replacing obsolete systems that have other security problems.
FINDING 4.13: The complexity of the transition to post-quantum cryptography will likely introduce a range of new security vulnerabilities.
FINDING 4.14: A new classical cryptanalysis algorithm or quantum computing development could result in rushed and disorganized efforts to replace widely used public key algorithms or other cryptographic standards. Such a breakthrough would require mitigation efforts that would be more complex than fixing typical software bugs, such as the coordinated deployment of major protocol updates across implementations and services.
FINDING 4.15: 5G may introduce a number of new systems issues in practice, owing to both complex new suites of software and operator inexperience in distributed cloud environments.
FINDING 4.16: Many Internet of Things (IoT) components are poorly secured and easy to subvert, with an extremely wide range of consequences that are difficult to predict but potentially very high impact for the Intelligence Community and broader society. Because IoT will likely bring significant improvements to many aspects of life, however, more money and energy may be devoted to securing such devices going forward.
FINDING FROM CHAPTER 6 (IMPLICATIONS FOR U.S. INTELLIGENCE)
FINDING 6.1: With more adversary nations (especially China) seeking and making advances in encryption and as academic researchers (especially in Europe) continue to invest in cryptography and advance the theory and practice of encryption, the advantage that the Intelligence Community enjoyed in this area will diminish if not disappear.
Table 7.1 presents a summary of the risks and opportunities that would be realized if the various scenarios were to come to pass. Table 7.2 presents actions that could be of benefit if the scenarios were to occur.
TABLE 7.1 Summary of Risks and Opportunities from Scenarios
Risk | Opportunity |
---|---|
Weakening or shifting alliances | In all three scenarios, the Intelligence Community is faced with the challenge of building alliances. While each of these scenarios includes the “Fragmented” Society and Governance driver, that is no accident, because the committee believes that it is the most relevant to explore. For this risk, it appears that the endpoints in the other two drivers are not irrelevant, but simply provide different details to a similar narrative: The Intelligence Community, and the United States, will need to invest resources into strengthening existing alliances and/or building new ones over the coming decades. With ever-shifting bilateral alliances it may be hard (slow) to pivot to new targets or allies; and it is unwise to share important secrets with any other nation. The Intelligence Community, and the United States, will need to consider how it shares information and perhaps look more to transactional, ad hoc, arrangements, rather than traditional alliances that dominated the previous decades. |
Recruiting, hiring, and retaining the “best and brightest employees” | In both Scenarios 2 and 6, finding and retaining qualified personnel becomes a challenge. Both are at the “Fragmented” and “Disruptive” endpoints of their respective driver, and this combination will present a challenge. A few reasons for this challenge emerged from discussions among committee members: |
Multitude of targets | In both Scenarios 2 and 6, the combination of “Fragmented” and “Disruptive” seems to drive each country to seek its own unique system or form of encryption. If that is the case, then it is possible that the Intelligence Community would not have the resources to monitor and penetrate all systems of interest. With less data crossing borders, and higher “walls” protecting the information, the Intelligence Community will not be able to focus resources on choke points and will have to rely on more resources or identify “insiders” within the countries themselves to support data collection. |
TABLE 7.2 Summary of Actions from Scenarios
Action | Description |
---|---|
Move to mature systems | This will require enormous effort across the United States, as the current status is at the “chaotic” end of the spectrum for nearly all systems. It is not clear that anyone really understands the implications of good cybersecurity because there is no real-world experience to draw on. It is also unclear how to move toward such systems in practice, although the 2021 cybersecurity Executive Order appears to be an attempt to make an initial move in that direction. This issue is much larger than the Intelligence Community and would require effort from major companies, researchers and start-ups, and the U.S. government. It is likely that very heavy investments would be required for research and especially for real-world implementations. |
Focus on ensuring that the United States can provide an adequate supply of high-quality, trustworthy staff | Although the large number of foreign-born students in STEM is a major blessing for our country, it should not be taken as a given and may not continue. The U.S. government should work toward considerable improvement in K–12 mathematics and science education in particular. Advanced cryptographic research is poorly and unevenly funded in the United States; steady, long-term funding should be available for graduate students in cryptography and for efforts that may lead to mature systems (e.g., practical assured programming languages). |
Limit/mitigate fragmentation, both in technologies and between the United States and allies | The Intelligence Community and the United States will need to consult with current allies and try to leverage purchasing power to push common standards and increase implementation maturity. The Intelligence Community will need to emphasize its efforts to preserve existing relationships with allies, but plan to potentially pivot toward new, perhaps short-term relationships. Such a pivot will require both political resources and tending such relationships. Last, because technology fragmentation is a key feature of each scenario, the Intelligence Community needs to learn new technologies and standards; there will be many more of them than at present, and with a higher rate of disruptive scientific advances. |
Focus on alliances | While the alliances might look different in 2040 (and in each scenario), the Intelligence Community will still depend on partners to support its offensive and defensive operations. Whether those alliances are long-standing and deep-seated or ad hoc and built to meet specific needs will be determined by the operating environment. The Intelligence Community will need to take steps today, however, to prepare for a more fragmented world in 2040. |