Imagine a future where all of today’s trusted methods of encrypting online data and communications – SSL, SSH, HTTPS and so on – are rendered ineffective. Secure online banking, retail and communications are a thing of the past. The impact of this on our lives – accustomed as we are to socializing, communicating and conducting business online – would clearly be catastrophic.
Could this happen? Well, we’re entering the quantum age - and many believe that as quantum computers become more powerful, it will become trivial for them to “brute force” their way through many of the encryption algorithms routinely used to keep our data safe and our communications private.
Ok, so we’re not yet at the stage where it’s likely that anyone reading this will be browsing the internet on a quantum computer. But companies including IBM, Amazon and Google already offer variations of quantum computing as-a-service, providing access to quantum resources via the cloud.
So, how likely is this doomsday scenario to come about? How seriously is the threat being taken by governments and regulators? And what steps can businesses and individuals take to protect themselves from emerging dangers? Let’s take a look at what the quantum computing revolution means for the future of cyber security and, crucially, what we can do to minimize the threats our businesses and wider society could be facing.
What Is Quantum Computing?
Quantum computers leverage features of quantum mechanics to carry out calculations thousands of times more quickly than classical computers. These features include quantum superposition, which allows for a particle to exist simultaneously in multiple states, and entanglement, where linked particles can affect the states of other particles no matter how far apart they are.
Quantum computers aren’t useful for every task, so most organizations don’t yet have a use case for quantum computing. But they are very useful for speeding up certain math-intensive processes such as those involved in pharmaceutical discovery, modeling extremely complex systems like climate patterns or financial markets, and encrypting (or decrypting) data.
One of the principles involved is the quantum bit – or qubit. In classical computing, data is broken down into bits which can have a value of 1 or 0, as they are essentially switches that can be either on or off. Qubits, however, thanks to superposition, can exist in both states at the same time. This allows quantum computers to carry out certain types of calculations, such as optimization and factorization, incredibly quickly.
Although it’s interesting because of how impossible it sounds, unless you’re a computer scientist working with quantum computers, it isn’t necessary to understand the precise technical details of how they work. What is important, however, is to understand the impact they could potentially have, and one field where that impact could certainly be dramatic is encryption and cyber-security.
Quantum Computing And Cyber-Security
Today, online data security relies on encryption. Everything from the emails we send to secret government communications relies on mathematically scrambling data so it can only be read by those with the digital key to unscramble it. Just like a locked door, though, it’s always possible to force it open if you exert enough pressure. Encryption works on the principle that guessing every potential “key” until you find the right one (known as “brute forcing”) would take a long, long time – thousands of years for even the fastest of today’s classical supercomputers.
RSA and ECC are two of the most common online encryption protocols, which rely on the difficulty of factoring large numbers to make it difficult to “guess” or brute-force the keys. Quantum computers, however, can perform these calculations many millions of times more efficiently than classical computers, meaning they could one day render these protocols obsolete.
As of now, quantum computers aren’t powerful enough to do this, but the expectation that they eventually will be is already cause for concern. The US Government, for example, has recently made “preparing for our post-quantum future” a part of the National Cyber Security Strategy. And the World Economic Forum has quoted estimates that 20 billion digital devices around the world will need to be upgraded or replaced.
How Can I Make My Business Quantum Safe?
The term quantum-safe means that an organization is prepared for the impact that quantum computing will have on its ability to continue operating securely.
For most organizations, this might start with identifying where vulnerabilities exist and developing a strategy for prioritizing and remedying these vulnerabilities.
Broadly speaking, vulnerabilities are likely to exist wherever non-quantum-safe encryption is used to protect sensitive and private data. This could include secure channels of communication, systems for processing and clearing online transactions, sensitive data storage, and digital authentication systems that store and handle passwords, signatures and certification.
Possible solutions might include transitioning to one of the four quantum-resistant cryptographic algorithms defined by the National Institute for Standards and Technology (NIST). These were chosen following a six-year investigation into the types of algorithms most likely to stand up to future quantum-powered cyber-attacks.
And, of course, there is always the possibility of harnessing the power of quantum cryptography itself. Quantum Key Distribution leverages the weird principle inherent to quantum physics, which states that simply observing and measuring entangled quantum objects will cause them to change. Detecting when these changes are caused by an attacker can be made to generate an alert or to automatically refresh the key to prevent unauthorized access.
As always, my advice is to "start with strategy." Implementing a quantum-safe strategy involves identifying where vulnerabilities could disrupt or interrupt your business goals and implementing solutions to mitigate the impact.
A core piece of this work will involve monitoring the “threat landscape” to keep abreast of emerging forms of quantum-powered attack. Cyber-security teams will clearly be at the forefront of monitoring and remedying these emerging threats. But everyone throughout the organization should be aware of the dangers and cognizant of how their vigilance can play a part in the organizational cyber-security strategy.
Quantum Computing And The Future Of Cyber Security
Experts predict that the arrival of quantum computing will lead to a great number of beneficial advances. These could include more efficient drug discovery, more accurate simulations of the environment and climate change, better optimization of complicated supply chain and logistical operations, and new breakthroughs in the capabilities of artificial intelligence and machine learning.
It could also be the key to creating more efficient and environmentally-friendly energy sources, thanks to its ability to solve problems around the creation of power generation and storage. These are problems that involve complex chemical interactions at the sub-atomic level.
And while it clearly poses threats in the domain of cyber security, it also, as we’ve covered, promises to bring us greater security in the form of new encryption technologies and protocols.
However, as with any new technology – nuclear power and artificial intelligence being two prime examples of the modern era– it needs to be approached with careful consideration of the negative implications it could bring.
As we head into the quantum era, ensuring we understand the threats, benefits and implications is key to ensuring our businesses will be ready to leverage the positives while mitigating the negatives. Preparing for this now also means we have the best chance of ensuring that this new and strange technology will be a net positive for people, society and the planet at large.