The short answer is yes. The long answer is they will, but quick action could ease the damage.
Quantum computers harness the laws of quantum mechanics to quickly solve problems too complex for classical computers.
“Complex problems” are ones with so many variables interacting in complicated ways that no classical computer at any scale could solve them—at least not within tens of thousands or even millions of years.
IBM gives the example of a classical computer being able to sort through a big database of molecules, but struggling to simulate how those molecules behave.
It’s these complex problems that the world would enormously benefit from solving and that quantum computers are being developed to handle.
Use cases for quantum computing are emerging across industries for simulations (e.g. simulating molecular structures in drug discovery or climate modelling) and optimization (e.g. optimizing shipping routes and flight paths, enhancing machine learning algorithms, or developing advanced materials).
But the quantum age won’t be all upside. The quantum threats you might have read about are real. Here are 4 things you must know:
1. Quantum computers present a massive cyber threat to the world’s secured data
Since quantum computers can solve complex computational problems far faster than any classical computer, the day will come when they will be sufficiently powerful and error-resistant to break conventional encryption algorithms (RSA, DSS, Diffie-Hellman, TLS/SSL, etc.) and expose the world’s vast stores of secured data.
The future technology will use what’s known as Shor’s algorithm and other quantum algorithms to break all public key systems that employ integer factorization-based and other cryptography, rendering these conventional encryption algorithms obsolete and putting at risk global communications, stored data, and networks.
All protected financial transactions, trade secrets, health information, critical infrastructure networks, classified databases, blockchain technology, satellite communications, supply chain information, defence and national security data, and more, will be vulnerable to attack.
This video explains exactly how quantum computers will one day “break the internet”:
2. The cyber threat from quantum computing is now urgent
If a recent Chinese report could be proven, “Q-Day”—the point at which large quantum computers will break the world’s encryption algorithms—could come as soon as 2025. Until now, estimates had put it 5–20 years away.
Bad actors, as well as nation-states such as Russia and China, are already intercepting and stockpiling data for “steal now, decrypt later” (SNDL) attacks by future quantum computers, and experts are urging organizations to pay attention and prepare now.
The financial sector is particularly vulnerable and will require rapid development of robust quantum communication and data protection regimes. The transition will take time and, with Q-Day already on the immediate horizon, experts agree there’s no time to waste.
Top of Form
3. The world is already mobilizing against quantum threats
Governments and industry have had decades to plan their defence against the encryption-busting potential of quantum computers, and now things are heating up.
Alibaba, Amazon, IBM, Google, and Microsoft have already launched commercial quantum-computing cloud services and in December 2023 IBM launched its next iteration of a quantum computer, IBM Quantum System Two, the most powerful known example of the technology (but still not there in terms of the power required to crack current encryption techniques).
Importantly, the US National Institute of Standards and Technology (NIST) will this year release four post-quantum cryptographic (PQC) standards “to protect against future, potentially adversarial, cryptanalytically-relevant quantum computer (CRQC) capabilities. A CRQC would have the potential to break public-key systems (sometimes referred to as asymmetric cryptography) that are used to protect information systems today.”
The goal is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.
4. Organizations are being urged to prepare now
In late August 2023 the US Government published its quantum readiness guide with advice for organization from the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) about how to proactively develop and build capabilities to secure critical information and systems from being compromised by quantum computers.
The advice for organizations, particularly those supporting critical infrastructure, is in four parts:
- Establish a quantum readiness roadmap.
- Engage with technology vendors to discuss post-quantum roadmaps.
- Conduct an inventory to identify and understand cryptographic systems and assets.
- Create migration plans that prioritize the most sensitive and critical assets.
The US Government says it’s urging immediate action since “many of the cryptographic products, protocols, and services used today that rely on public key algorithms (e.g., RivestShamir-Adleman [RSA], Elliptic Curve Diffie-Hellman [ECDH], and Elliptic Curve Digital Signature Algorithm [ECDSA]) will need to be updated, replaced, or significantly altered to employ quantum-resistant PQC algorithms, to protect against this future threat.”
“Organizations are encouraged to proactively prepare for future migration to products implementing the post-quantum cryptographic standards.”
Alongside the readiness guide is a game from the CISA, designed to help organizations across the critical infrastructure community identify actionable insights about the future and emerging risks, and proactively develop risk management strategies to implement now.
The clear message in all the government advice and industry action is to be prepared such that your organization is ready to enact a seamless transition when quantum computing does become reality.
As Rob Joyce, Director of NSA Cybersecurity, says: “The transition to a secured quantum computing era is a long-term intensive community effort that will require extensive collaboration between government and industry. The key is to be on this journey today and not wait until the last minute.”
One CSO writer sums it up this way: “This is not a light lift, it is indeed a heavy lift, yet a necessary lift. Sitting on the sidelines and waiting is not an option.”
Is your organization already planning for quantum cryptography?
Read the US Government’s readiness guide.
