Second, understand what data requires what protection and for how long. This is at the heart of modern cybersecurity; you must know your data. What do you have? Where is it? What is the impact if that data is compromised? Cloud computing, zero-trust architecture, artificial intelligence and now quantum computing all drive organizations to have intimate knowledge of their data. Knowing what data will still require security controls in a decade will help organizations prioritize risk and investment in post-quantum encryption methods when they become more available and integrated into U.S. Department of Defense systems and operations.

Third, we must acknowledge that cyber war has blurred the lines between government and private enterprise. Data stolen from both government and private industry can and will be used in the event of such conflict. In the same issue of SIGNAL Magazine, Klint Walker of the Cybersecurity and Infrastructure Security Agency discussed his work on U.S. port cybersecurity exercises, with the hope of expanding the government/private collaboration into a more robust framework. We know that adversaries can and have compromised ports and other infrastructure, as well as private industry, necessary for daily life in the United States. The data of these organizations can be just as important as any government data. Local, tribal, state and federal governments, as well as private industries, must guard their data against the future. Collaboration between these entities is crucial to prevent a potential cybersecurity pandemic in Y2Q.

We are privileged to have expert teams working on the quantum computing advantage in DARPA and ARLIS, which will forge national security initiatives for years to come and lay the foundation for future tools in cyber warfare. Today, however, we must remain vigilant of what the future holds. With the knowledge that adversaries with potential quantum computing capabilities will use “harvest now, encrypt later” tactics against U.S. interests, the priority is to identify long-term critical data and build strong, strategic defensive measures around it to prevent data exfiltration. The adversary cannot decrypt later what they can’t harvest now. We can use today’s defensive technology to prepare for the fight against future threat technologies while awaiting that future defensive technology capability. Securitas per praevidentiam—security through foresight.

Shaun Rieth is a 22-year retired Air Force cyber operator who returned to serve as a federal contractor under INTECON LLC, currently supporting the 557th Weather Wing on Offutt Air Force Base in Nebraska, as a senior cybersecurity analyst in the Defensive Cyber Operations flight. He possesses an MBA, a Bachelor of Science in IT operations management, and CCISO, CISSP and CCSP certifications.