United States Cyber Command
Fort Meade, Maryland
“The system is compromised.”
The CIA deputy director, a lean man dressed in his normal worsted wool suit, leaned back in his chair. “What do you mean, compromised?”
The black team lead grimaced. “You have Chinese malware running all over your network.”
“The malware is running inside of SIPRNet?” SIPRNet was the global secure network that the DOD used to communicate. Any malware running on SIPRNet was a very serious breach of security.
“Sir, the malware is running SIPRNet at this point. All your major nodes are compromised, the routers have been infected, it’s everywhere. Land lines, satellites, the works. Looks like a virus, but it doesn’t matter how it got there. The point is that it’s in there.”
The deputy director turned to the Cisco employee in the room. “How is that possible? SIPRNet is completely secured from the internet.”
The Cisco engineer scoffed. You could tell he was extremely senior in the company because he was wearing a Hawaiian shirt and flip-flops. “We’ve been telling you for years, the Skittles defense went out of fashion in 1990.” The engineer, a Cisco fellow, was so senior within the organization that he could talk to people in any way he wanted, and he often did.
“Skittles defense?”
“Hard on the outside, soft on the inside.”
“But how did they get in?”
“My guess, they penetrated one or more network segments and decrypted your traffic using quantum computing.”
“Sorry?”
“Quantum computers allow you to solve math problems that are normally extremely difficult to solve. Modern cryptography is based on the idea that the math to break your encryption is so hard it would take a supercomputer a century to solve it. Thus, you are safe because by the time they crack it, you’ve moved on. A quantum computer can solve that problem in minutes. If they can break your encryption, they can do whatever they want.” He looked over at the general in charge of Cyber Command. “Sir, we told you this two years ago.”
“Yes, and we have a funding request in to resolve it.”
“How did that work out for you?”
The general was becoming visibly angry. “It’s your gear that has failed, don’t blame us for your error.”
“It’s operator error. If you drive your car into a wall, that’s not Ford’s fault.”
The general stood up, red-faced, but the deputy director put a hand on his shoulder. “Blame game later. What do we do now?”
“You blow up SIPRNet. Start fresh with QR encryption.”
“QR encryption?”
“Quantum resistant. It means that you re-do your encryption to resist quantum computer hacking.” He reached into his backpack and pulled out a document. “It’s all here in the report.” He flipped the thick document on the table. “That we submitted two years ago.”
“Cut the attitude. What can we do right now?”
The Cisco engineer blew out a big breath, his eyes to the ceiling. “I think we have a couple thousand ISR routers in a warehouse in Virginia. Use RFC 8784 pre-shared keys and SKIP for strong encryption of IKEv2 and IPsec packets using post-quantum PPKs. You get me a clean network and I’ll secure it for you. Hell, you have dark fiber between most installations. Rip out all the gear and use the existing glass. Couple of days per site.”
The eyes of everyone in the room were starting to glaze over from the technobabble. None of them were networking experts, and they didn’t understand the underlying details. The deputy director made a slicing motion with his hand. “Net it out for us.”
“The Chinese own you. They’re in your network. We need to build a new one.”
After a few moments the general calmed down enough to think through the problem. “We need something mobile that can work anywhere in CONUS.”
The national security advisor, who had been quiet until this point, laughed. “Starlink.”
The general looked at him for a moment, confused. Then he nodded. “It’s Ukraine again, isn’t it?”
“Yes, the president has been looking for an excuse. This is it.”
“DPA?”
“Yes, I’ll write it up. The president will sign it in seconds.” The Defense Production Act (DPA) was a broad law that essentially allowed the US government to demand that US companies supply things to the government. Normally it was used to ensure that critical components like munitions were produced, but the law was very broad and essentially allowed the government to issue orders to private companies.
The general looked back to the Cisco engineer. “OK, we want a kit that connects a Starlink system to an ISR, pre-configured and ready to go. Pack it into a Pelican case and ship them everywhere.” He turned back to the national security advisor. “Add these guys to the DPA.”
“Right.”
The Cisco engineer frowned, concentrating. “The trick is that we need to manually distribute the encryption keys. If we do that, we can use any network, including the internet.”
The general wasn’t convinced. “We cannot use public networks for secure traffic.”
“Sir, you don’t understand me. All networks are essentially public now. Unless you have a single piece of wire and you control both ends, it is a public network at some point. The entire point is that you MUST assume that the bad guys see every packet and make it so that those packets don’t do them any good.”
The CIA deputy director nodded. “We know that the Russians have been going after undersea cables for years. Hell, we did it to them forty years ago; they’re finally catching up. We should assume the Chinese are doing the same thing.” He nodded to himself. “We have to assume that our networks are compromised by default.”
The general finally nodded. “Very well, I want the design vetted by my people here first.”
“Of course.”
“Make it happen.”
“Yes, sir.”
