Cyber Risk Mitigation in the Era of Quantum Computing

Quantum computing, once widely-viewed as little more than steampunk-inspired sci-fi fantasy, is shaping up to be a game-changing technology that could help to solve some of the world’s most pressing problems.

What is quantum computing?

Before we get started, many of you might be asking ‘what is quantum computing?’. The technology is defined as “the use of quantum-mechanical phenomena such as superposition and entanglement to perform computation.” Or, to put it more simply, while traditional computers can only encode information in bits that take the value of 1 or 0, quantum machines perform calculations based on the probability of an object's state before it is measured — instead of just 1s or 0s — which means they have the potential to process exponentially more data.

From quantum simulations to cybersecurity disruption

These machines will be capable of performing large numerical calculations such as the statistical modeling of chemical reactions, new materials science and engineering, or more accurate predictions of weather patterns. Deloitte experts estimate that within a decade, quantum computing will be able to accelerate solutions to a range of problems in numerous industries.

Along with this modeling ability, quantum computing has the potential to factor large numbers. This could threaten the security basis of public-key cryptography algorithms that underpin many of our daily activities.

Currently, almost all sensitive communications and data shared over the internet or to the cloud are encrypted using what’s known as public key encryption. The public key infrastructure (PKI), which uses public key encryption as a key ingredient, is built into every web browser in use today to secure traffic across the public internet.

It’s the go-to standard for secure online communications, but the superior computational power of quantum computers means they’ll be able to break — or decrypt — public key encryption almost instantly. This means an adversarial nation-state or cybercriminal gang with access to quantum computing capabilities could access any and all communications and data encrypted using PKI, a worrying thought for organizations and government agencies involved in critical infrastructure and national security.

How to prepare for quantum-computing cyber risks

While post-quantum cryptography standards are still being finalized, businesses and other organizations can start preparing today. One way to reduce the cyber risk from quantum computing, or other new technologies, is to start preparing for their potential impact in advance.

The first thing organizations should do is to carry out a quantum risk assessment, which will help to identify risk points and establish a roadmap to address them.

This roadmap should include preparing to replace some of the components of PKI encryption, such as the encryption schemes used inside it.

The National Institute of Standards and Technology (NIST) has been working to analyze and select the best public key encryption and digital signature schemes that remain secure even in a post-quantum world.

Of course, this isn’t the immediate solution to mitigate post-quantum risk, as such standards still require infrastructure and need to be implemented within new and existing business technology and security systems.

The latest quantum threats’ mitigation strategies

There are a number of things enterprises can do now to prepare for the upcoming impact of quantum computers on public key encryption.

As per NIST’s own advice, businesses need to identify algorithms at risk. These can include not only security tools and products but also algorithms in use by service providers and software and hardware used elsewhere in the organization. Businesses should look to automation technologies, such as artificial intelligence (AI) and machine learning (ML), to speed up what could become a long, manual process.

IT leaders should also move to educate corporate leaders and business stakeholders about the potential quantum risks, and begin conducting research into new quantum-resistant and crypto-agile tools.

Quantum computing will be here sooner than we think. While it will undoubtedly revolutionize the speed with which large data sets can be processed and enable great technological advancements, it also poses a real threat to cybersecurity. It’s important that businesses start preparing now because if we wait until quantum computers start breaking our encryption, it will be too late.