Quantum Mania: How Quantum Computing Will Affect Your Cybersecurity
 

Quantum computing promises extraordinary performance gains that could have a profound impact on global economies, security and welfare. The potential for quantum computing to help create breakthroughs that will transform industries such as financial services, aerospace, and pharmaceuticals has attracted both private and public sector investment.

But guess who else is eyeing up the huge processing power that quantum could unleash? Commonly-used encryption tools will inevitably crumble in the face of future quantum-enabled hackers. And some criminals are already gathering encrypted data so they can attack it as soon as the right tools are available. That means it’s not just Ant-Man who needs to be wary of the quantum realm: CISOs must start planning for the future today.

How Quantum Computing Is Different

Quantum mechanics is physics that’s too small to see: the behaviour of matter and energy at atomic and subatomic scale. Quantum computing applies the principles of quantum physics to information technology.

While classical computing is based on binary bits, quantum computing uses quantum bits, or “qubits”. Like a bit, a qubit can hold a value of 0 or 1, but it can also have a superposition state – being in both states simultaneously. Another important quality is entanglement, which means that one or more qubits can be linked together so that changes to one qubit affect the other, even if those two qubits are light years apart from one another.

Quantum Computing Means We Will Need to Rethink Encryption

If this is a little outside your wheelhouse, don’t worry. As I explained on the Get Cyber Resistant podcast, I feel a good high-level description of a quantum computer is “a very specialised tool that will be able to solve certain problems much faster than we can with normal computers”.
Unfortunately, one of those “problems” could be the encryption that we use today. Encryption uses mathematical functions that make it easy to encrypt data, but very hard to decrypt it, unless you know the secret data we call the “key”. With classical computers, breaking encryption without knowing the key could take billions of years. A quantum machine, however, could break the common RSA encryption scheme far quicker, undermining the foundations of cybersecurity. 

Governments are Getting Ready – and So Should You

Quantum-computing based attacks are not imminent.  There are still challenges to overcome before quantum computers can be more broadly adopted, including the instability of qubits (which must be isolated in order to maintain their quantum coherence), the difficulty of scaling quantum logic gates and a skills gap.

That doesn’t mean we can sit back and relax. Recognising that it will take years to protect an organisation against this quantum threat, the U.S. issued legislation in late 2022 requiring federal agencies to define and implement plans to migrate to post-quantum cryptography. Cyber risk is also a key strand of Standards Australia’s ongoing quantum forum. 

And, as I mentioned earlier, crucial, highly damaging and relatively non-perishable data such as health or bank records could be collected now and harvested later.

Large global corporations have also recognised these risks and have begun embedding processes and technologies to harden the existing cryptographic measures that protect their sensitive data and critical systems against this threat.

Prepare for the Risks of the Quantum Age

Transitioning to quantum-secure measures is a complex process and requires organisations to purposefully audit and prioritise their affected systems and data, and create a clear migration plan. Not only is it good practice to start the process now, but it will also safeguard you from current and future risks.  Some steps you can take to prepare include:

1. Identifying relevant cybersecurity and data security standards, such as NIST’s Post-Quantum Cryptography Standardisation process, and staying abreast of changes
2. Conducting an audit of business-critical assets that assesses where data is stored, who has access to it, what systems your assets communicate with, how they are encrypted and how long they need to be protected
3. Updating response plans and strategy roadmaps to incorporate quantum-related threats

While quantum computing can sound exotic and mysterious, it’s important to recognise the threat it presents to cybersecurity. Attacks which are impractical with today’s technology will suddenly become viable, so preparations must start now to protect your organisation against that risk.

Quantum Computing Is a Tool for CISOs as Well as Hackers

Quantum computing will bring plenty of good cyber news too. Quantum-based cybersecurity tools offer much stronger security guarantees than today’s non-quantum equivalents.  As an example, Quantinuum’s Quantum Origin platform uses the unique behaviour of a quantum computer to create stronger encryption keys that are underpinned by the laws of physics. By embracing this technology today, companies can prevent attackers from taking advantage of weak encryption keys to access encrypted data and systems.  

Another quantum technology, Quantum Key Distribution (QKD), allows two parties to securely exchange encryption keys without the possibility of an attacker eavesdropping on the connection. Any attempt to measure the communication by a third-party will disrupt the quantum system, stopping the exchange. QKD’s range is currently limited, although scientists are working to improve its reach.

Finally, machine learning may be revolutionised as quantum computing begins to allow far higher data volumes to be processed. Detection and response tools should become faster and more sophisticated as a result.

Organisations Must Ready Themselves for the Quantum Age

Quantum computing is in its early days. We don’t yet know the extent of the transformation it will bring, or how quickly quantum computers will spread throughout the business world – or the criminal world, for that matter. 

But while quantum computing is certain to have a profound impact on existing cryptography, it is already delivering innovation in cybersecurity that will help mitigate increasingly sophisticated threats.  

The CISOs that prioritise preparation now, by assessing their risks and the technologies that will help them build resilience, will be best placed to mitigate these advancing risks.