Harvest Now Decrypt Later
The threat that AI and quantum computing pose to cyber security is already here, even before these technologies are mature enough to crack today’s encryption methods. Bad actors are taking a “harvest now decrypt later” approach to cyberattacks.
Classical encryption methods like Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC) rely on the difficulty of factoring large numbers or solving discrete logarithm problems.
“Breaking these public, asymmetric key encryption schemes is a practical impossibility for classical systems. However, quantum decryption may manage to uproot these standard encryption algorithms,” says Andrew Williams, a member of the board of directors for cyber security company SENTRIQS.
Williams is a former UK maritime counterterrorism and security coordinator with extensive experience identifying threats and advising both the British government and international partners on maritime security strategy and strategic threats.
“Harvest now decrypt later attacks started to occur as early as 2015 and have been increasing year on year, although reporting is questionable. Among the drivers for such attacks are the fact that the industry and navies use legacy systems and protocols, and deploy them on vessels that tend to have 20-30 year life cycles with infrequent major technology updates,” says Williams.
The security of systems employing RSA rests on the principle that while it is simple to multiply two very large prime numbers, it is exceedingly difficult to reverse the operation, i.e., to factorize the product back into its prime components. Depending on the size of the keys and the algorithm used, estimates range from hundreds to billions of years for classical computing to break these asymmetric keys.
This makes RSA and similar encryption methods practically unbreakable today, says Williams, which is why these encryption schemes have proven valuable over the past 40 years.
Factorization for large numbers using quantum computers and quantum algorithms – such as Shor’s Algorithm – could be significantly faster than classical systems. “While classical systems solve math problems sequentially, quantum computers have the ability to solve math problems simultaneously, making them extremely well suited for certain math problems, such as the ones used to solve for key encryption,” says Williams.
“Projections indicate that an adequately scaled and practically reliable quantum computer would need only a few hours to break RSA encryption algorithms. And because so much of today’s communications rely on RSA and similar encryption standards, the prospect of a quantum computer breaking these schemes presents a serious problem.”
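The asymmetry described above, and why traffic recorded today stays at risk, can be shown with a toy model. This is an added example, not code from the article or from SENTRIQS: it uses textbook RSA without padding, two constructed primes near one million, and trial division standing in for whatever future factoring capability an adversary obtains.

```python
from math import isqrt

def make_keypair(p, q, e=65537):
    """Easy direction: one multiplication turns two primes into a public modulus."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent requires knowing p and q
    return (n, e), d

def factor(n):
    """Hard direction, by trial division. Returns (p, q, divisions_tried)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    tried = 0
    for c in range(3, isqrt(n) + 1, 2):
        tried += 1
        if n % c == 0:
            return c, n // c, tried
    raise ValueError("n has no non-trivial factor")

def private_exponent_from_public(public_key):
    """Rebuild d from the public key alone once n can be factored."""
    n, e = public_key
    p, q, tried = factor(n)
    return pow(e, -1, (p - 1) * (q - 1)), tried

def harvest_then_decrypt():
    # Constructed sample values: two primes near 10**6 and a 3-byte message.
    public_key, _owner_d = make_keypair(999983, 1000003)
    n, e = public_key
    ciphertext = pow(int.from_bytes(b"ETA", "big"), e, n)  # sent today

    # The recorded (public_key, ciphertext) pair is all that is stored.
    # Years later, a factoring capability is applied to the stored public key.
    d, tried = private_exponent_from_public(public_key)
    recovered = pow(ciphertext, d, n).to_bytes(3, "big")
    return recovered, tried

if __name__ == "__main__":
    text, tried = harvest_then_decrypt()
    print(f"recovered {text!r} after {tried} trial divisions")
```

Building the key takes one multiplication, while undoing it here takes roughly half a million divisions for a 40-bit modulus. At real key sizes (2048-bit moduli) the same loop never finishes on classical hardware, yet the stored ciphertext needs nothing new from the victim once factoring becomes feasible.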
AI is hastening the advance. AI-driven threats are now automating reconnaissance, exfiltration (taking data) and cryptanalysis, enabling adversaries to identify and exploit encryption vulnerabilities faster than ever before.
Machine learning models, especially neural networks, have been increasingly effective at predicting mathematical structures, approximating complex functions and guiding trial-and-error algorithms. This means they can identify weak keys faster and accelerate decryption techniques. “AI doesn’t need to know the theoretical underpinnings of the system it's attacking. It just needs enough training data. Once trained, these models can rip through cryptographic operations like a buzzsaw, bypassing the mathematical protections entirely,” says Damien Fortune, Founder and CEO of SENTRIQS.
The combination of quantum decryption and AI-driven attacks will obliterate conventional security measures, he says, accelerating decryption of harvested data while leaving slow-acting organizations defenseless.
The solution is post-quantum cryptography. “Post-quantum cryptography refers to cryptographic algorithms designed to be secure against the calculating capabilities of quantum computers,” says Fortune. “These quantum-resistant techniques include a variety of algorithmic approaches, including types such as lattice-based, code-based and hash-based techniques. Basically, they make it extremely difficult for quantum computers to solve for a specific task in trying to decrypt encrypted data.”
Post-quantum cryptography protects information and conversations from a quantum-computing-led attack, and it also provides protection from near-term attacks that leverage AI and other mass computing techniques.
AI is already reducing the time from data theft to exploitation, and this means there is a need to look for future-proofed protection for data now, says Williams. “Post-quantum encryption provides that opportunity.”
*
This week, Marlink published its Security Operations Center report for the second half of 2024, citing an increase in the adoption of AI tools for hackers. In the six months to December 2024, Marlink’s global network of SOCs monitored 1,998 merchant and leisure vessels, and recorded:
• 9 billion security events and 39 billion firewall events;
• 718,000 alerts and 10,700 malware incidents detected;
• 50 managed major incidents.
ABS Consulting has released: Operationalizing Maritime Cybersecurity: A Strategic Approach for the Cruise Industry, the second in an industry series on maritime cybersecurity. The paper outlines a recommended approach to align cybersecurity initiatives with eight key operational principles, including human safety, marine resilience, guest services and regulatory compliance.