Getting your Trinity Audio player ready...
Israel may face the threat of a quantum-computing-based cyberattack in the coming years, which could potentially compromise encrypted data stored on government and military servers.
According to a new directive obtained by Ynet, the National Digital Agency has instructed all government bodies to begin preparing for this emerging risk. The guidelines require each government body to map its computing and communication infrastructure, identify data that could be exposed, and assess the potential damage if compromised.
3 View gallery
Then-U.S. President Joe Biden visiting a Nividia laboratory working on quantum computing
(Photo: Andrew Harnik / AP)
The next step involves implementing "post-quantum encryption" to protect government systems from the power of future quantum computers.
The Quantum Threat
Quantum computers are still in their infancy, but their capabilities are rapidly growing. Within a few years, these machines are expected to reach the market, offering groundbreaking benefits alongside significant risks. Quantum computers will likely be able to crack current encryption methods, including those safeguarding global banking systems, defense infrastructure, and intelligence networks.
The threat is even more pressing because attackers can already collect encrypted data to decrypt it later when quantum capabilities become available. "The quantum threat is not a distant, futuristic scenario but an immediate reality requiring swift and comprehensive action," the National Digital Agency's directive warned.
Potential risks include intercepting encrypted communications, stealing encrypted computers to decrypt their data in the future, forging digital signatures, compromising blockchain protections, and undermining cryptocurrency transactions. Additionally, quantum-powered cyberattacks could bypass current security defenses.
In response to these threats, many countries are seeking solutions now. One leading approach is post-quantum cryptography, which uses algorithms designed to withstand quantum decryption but can still run on conventional computers.
The U.S. National Institute of Standards and Technology (NIST) recently introduced three such algorithms after years of research. Now, Israeli government bodies have been instructed to prepare for quantum threats and explore these new encryption methods.
Mapping the Risks by 2025
Under the new guidelines, government ministries must require post-quantum encryption capabilities in any new contracts with external tech providers. Additionally, all units must complete a thorough "threat assessment" by the end of 2025.
This process involves identifying encrypted assets that could become targets for data harvesting, evaluating the potential damage of a breach, and developing a response plan. Government-developed encryption systems will also need upgrading to post-quantum standards.
Ofra Frenkel, Israel’s chief government information officer at the National Digital Agency, explained why the agency is now instructing ministries to prepare for quantum-related threats.
How imminent is the threat of quantum computing?
"It's hard to pinpoint exactly when this will happen. When we faced the Y2K bug 25 years ago, we knew the exact date and time of the risk. Quantum computing is different — some experts predict breakthroughs within a year or two, while others believe we're still 10 to 15 years away."
Why release the directive now?
"We’re watching global preparations, particularly in the U.S., where the Biden administration recently updated its guidelines for federal agencies. We’d rather be proactive, mapping the risks now so we’ll be ready to act when the time comes."
The risk here is essentially all the information the government holds. There's no data that would be safe if leaked, right?
"Government policy mandates that all information and systems be encrypted. The problem is that even if it's encrypted, that might not be enough against quantum capabilities."
"Mapping" often sounds like code for "we don’t know where our data is." Do you know where government data is stored?
"Partially. We don’t expect to have full knowledge — that’s why we're instructing ministries to map their systems. If a government IT manager doesn't know where their data is, that's a significant concern. But we trust that the professionals in charge have a clear picture."
Which types of data are most at risk?
"Any database can be significant, but those containing personal, private, or medical information are especially critical. To ensure the government can continue to function, we need to secure these assets first."
Is Israel considering the NIST algorithms for post-quantum encryption?
"The NIST algorithms are still in early stages and haven't been fully tested for performance and reliability. At this point, there's no commercially available solution we can implement. Our priority now is mapping our systems so we can act swiftly once the technology becomes practical."
What challenges do you foresee in this process?
"Mapping is a complex task. We expect government IT teams to know where their sensitive data is stored, but this isn't always straightforward. We're working to ensure each ministry understands its vulnerabilities so that, when the time comes, the encryption transition will be as smooth as possible."
Get the Ynetnews app on your smartphone: Google Play: https://bit.ly/4eJ37pE | Apple App Store: https://bit.ly/3ZL7iNv
Quantum Encryption as a Future Solution
Ultimately, experts believe the best defense against quantum threats will be encryption powered by quantum technology itself. One promising approach is Quantum Key Distribution (QKD), which uses a phenomenon called quantum entanglement to create encryption keys that instantly detect unauthorized access attempts.
However, Israel isn’t there yet. "Implementing post-quantum encryption is still a major challenge," Frenkel said. "The NIST algorithms are in very early stages, and there are still performance issues to resolve. At this point, there's no commercially available solution we can implement.
"For now, the focus is on preparation: mapping vulnerable data and building the infrastructure necessary to implement quantum-resistant encryption as soon as the technology becomes available."