How rapid advances in quantum computing are reshaping cybersecurity
We must all prepare for the end of public key encryption as we know it
With IBM and Microsoft leading the charge to develop the first fully-functioning and practical quantum computer, Google announcing quantum supremacy last year, and Amazon's recent announcement that it is to launch its own quantum computing-as-a-service platform, it's clear things are moving fast in the quantum sphere. But it's not just tech giants getting involved. At the beginning of this year, the White House also revealed plans to increase US federal funding for the development of AI and quantum computing, viewing both as playing a key role in the future of national security.
These developments have led to many questioning what exactly the power of quantum means for the future of cybersecurity. Recent research from the Neustar International Security Council (NISC), found that almost a quarter of security professionals are experimenting with quantum computing strategies in response to concerns that quantum computing will outpace the development of other security technologies.
In fact, responding to quantum computing immediately should be a key priority for the cyber industry. This involves laying the foundations for rebuilding the algorithms, strategies and systems that form our current cybersecurity approach.
The quantum future
With the promise to one day solve complex world problems, quantum computing holds endless possibilities for many of the most important industries, including healthcare, science and finance.
In medical development, for example, it has the potential to simulate how drugs will function, saving computational chemists money and time, and ultimately reducing risk introduced through the trial and error method. Accenture recently launched research with biotechnology innovator Biogen, exploring how drug discovery can be accelerated through quantum computing molecular comparisons. The paper states: "As quantum computers become more readily available, it will be possible to compare molecules that are much larger which opens the door for more pharmaceutical advancements and cures for a range of diseases."
As well as advancing drug discovery, the World Economic Forum recently reported ways that quantum computing can combat climate change through simulating large complex molecules that might be suitable for carbon capture. And last year Google and NASA revealed that quantum computers have the ability to compute in three minutes what would normally take supercomputers 10,000 years, with NASA claiming that "the milestone is the first step towards the future".
It is this level of compute power, however, that has the capacity to upend all we know about cybersecurity.
The cybersecurity challenge
To safeguard communications, devices and personal data, security professionals rely on encryption.
Cryptography falls into two categories: symmetric and asymmetric. In the case of symmetric schemes, the same key is used to encrypt and decrypt data, whereas in asymmetric schemes - also known as public key infrastructure- there is a publically shared key for encryption and a private key for decryption. Based on complicated mathematical problems that are specifically designed so that it would take classical computers too long and require too much computational power to solve them.
However, the vast majority (73 per cent) of cybersecurity professionals polled expect advances in compute to overcome technologies such as RSA encryption, within the next five years. These concerns are not unjustified, with many industry leaders calling for both the public and private sector to act fast to put a post-quantum plan in place. Given the potential to rapidly break public-key encryption, malicious actors could utilise quantum computing to launch a cyberattack on a scale that has never been seen before.
The cybersecurity future
By solving problems that were created to be, in a practical sense, unsolvable, quantum computing is hugely disruptive of current cybersecurity practices.
We need to develop new public key schemes that cannot be broken by quantum computers - a movement called "post-quantum cryptography". While it's been estimated that a general-purpose quantum computer capable of beating encryption may be ten years away, the security community must ensure that quantum-proof encryption is in place before then.
Every organisation should have quantum on their radar. Fortunately, 74 per cent of cybersecurity professionals say they are paying close attention to the technology's evolution.
Security teams and the wider business need to assess the risk to all their encrypted data and security infrastructure and put in place 24/7 monitoring and threat intelligence tools, alongside robust management processes. Even though sensitive and critical data cannot be decrypted now, rapid advances in quantum technology mean that this cannot be guaranteed in even a few years from now.
Eighty-seven per cent of CISOs, CSOs, CTOs and security directors say they are excited about the positive potential of quantum computing. Certainly, its power should not be viewed as negative, but it is something that we all need to understand and prepare for. Ultimately, quantum computing's ability to solve our great scientific and technological challenges will also reshape cybersecurity as we know it.
Rodney Joffe is SVP, senior technologist and fellow at Neustar