With commercial quantum-computing cloud services by major technology companies like Amazon, Google, IBM, and Microsoft and significant investments in new players such as Quantinuum and PsiQuantum, the quantum computing era, as experts say, is at its dawn. But, are corporations ready to take up the quantum cybersecurity challenge?
The quantum-computing industry is rapidly evolving. Global market projections anticipate a growth trajectory that is estimated to reach US$50 billion by the decade's end. In 2022, the United States government invested over $800 million solely in quantum information science (QIS) research. The Quantum Day, anticipated to materialise as early as 2025, is a pivotal juncture when quantum computers are poised to surpass the computational capabilities of today's most advanced supercomputers.
However, this milestone heralds the potential for quantum machines to breach encryption methods, casting a shadow over the security of data transmitted across public networks. As an aftermath of the Q-Day, experts fear larger threats, including intellectual property theft, exposure of sensitive health records, and vulnerability of military strategies.
The looming threat of "harvest-now, decrypt-later" attacks brings the urgency for organisations to fortify their cybersecurity defenses against quantum vulnerabilities. Proactive measures, therefore, by organisations are an imperative step in the process of quantum risk planning.
The Quantum cybersecurity challenge at a glance
Quantum computing harnesses the principles of quantum mechanics to perform complex computations that are beyond the reach of classical computers. Unlike classical computers that use bits to represent information as either 0 or 1, quantum computers use quantum bits, or qubits, which can represent 0, 1, or both simultaneously due to a phenomenon known as superposition.
This unique property enables quantum computers to explore multiple solutions simultaneously, vastly accelerating problem-solving capabilities. Additionally, quantum computers leverage entanglement, where the state of one qubit is dependent on the state of another, allowing for the creation of highly interconnected systems that can process vast amounts of data in parallel.
As a result, from revolutionising drug research, energy optimisation, and manufacturing processes to bolstering cybersecurity measures and advancing communication technologies, quantum computing holds the potential to usher in a transformative era.
Quantum Computing enhances AI applications, optimises autonomous vehicle navigation, refines financial modeling techniques, and much more, thus, heralding the advent of a new paradigm in computational capabilities.
Feras Tappuni, CEO of SecurityHQ explains:
“A mathematical problem that would take 100 professors 10 years, can now be done in 2 minutes. This will significantly impact the way the world operates. Be it medical research or understanding the universe there are so many things that we use maths for, and maths is the basis of all that we do as a society.
But there is a byproduct to quantum computing. In that it will make our current encryption, the encryption that we have on all our websites, applications, internal and external apps, and anything that is encrypted, which is most things, it has the potential to negate all of it, removing security.”
The impact of quantum computing on the future of cybersecurity
Large tech players, including IBM, Google, and Microsoft, are close to building their quantum computer. China is investing billions of dollars annually towards quantum technology, averaging around $24 billion per year, and has already developed quantum computers.
On the other hand, quantum computers can also break widely used encryption methods at an unprecedented speed. This means that quantum computers have the potential to render current encryption algorithms obsolete, compromising the security of sensitive data transmitted over public networks. This could lead to the exposure of confidential information, such as personal and financial data, intellectual property, and government secrets.
Unless it is feasible to make quantum decryption a reality, "harvest-now, decrypt-later" attacks are going to affect the industries where encrypted data is intercepted and stored. In that respect, the lack of appropriate decryption methodologies may potentially cause quantum computers to disrupt the integrity of digital signatures, compromise cryptographic key exchange protocols, and undermine the security of cryptocurrencies and blockchain technologies.
‘What I estimate is that the first people who will start being affected by quantum computing are those with crypto wallets and crypt currency, because that is an easy target. If you steal bitcoin etc, you can make billions, and they are untraceable, and there is no police force. So, I would watch the crypto wallets first”, warns Feras.
Are we prepared for the future with quantum computing?
Traditional encryption protocols, which have long served as the cornerstone of digital security, are now facing unprecedented vulnerabilities in the face of quantum computing advancements.
Organisations across sectors are grappling with the implications of quantum computing on their cybersecurity posture. Many are reevaluating their encryption strategies and investing in quantum-resistant cryptographic algorithms to future-proof their systems against quantum threats.
However, Feras warns:
“I want to remind people that a lot of us out there, including SecurityHQ, have a duty to care about the 3rd party data that we have. Going into quantum computing makes this element a legal minefield, because if all the passwords are opened up, but you still legally have a duty of care to protect the data of your customers/and third parties, this will affect a lot of businesses out there.”
In this era of quantum computing, collaboration and information sharing are paramount. Cybersecurity professionals, researchers, policymakers, and industry stakeholders must work together to anticipate emerging threats, develop innovative solutions, and establish best practices for securing digital infrastructure in a quantum-enabled world.
“Right now, we are at such an early stage it’s more about education. Education within the business. Understanding how we are going to support our clients. And it’s not like any security company will have the answer here.
There is a heap of information out there on quantum computing. The more awareness and conversations we can have on the topic, the better. It’s getting started, that’s the hard part. But really, it’s simply changing certain parts of the algorithm, and if you get the right expertise on it, it’s not that difficult.
Get an understanding of it, learn about the potential impact, and understand what applications you use internally and externally. And just start making small changes. Start talking to your third parties, ask them if they are quantum proof, have they done an impact/risk assessment etc”, suggests Feras.