Large-scale quantum computers will create new opportunities for improving cybersecurity, but they can also create new and unique exposures. Organizations must understand the specific risks and plan for their systems to be resilient to new types of security threats.
New technological advances are transforming economies through increased productivity and reduced cost of production. Quantum computing is a crucial field being explored as a powerful means to deliver technology’s long-promised replacement of classical computing. There have been talks about advances in quantum computing for some time, but 2020 definitely proved to be ground-breaking.
In July 2020, IBM partnered with leading Japanese corporations and universities to bring quantum computers to the workplace through applications for finance, business, and materials development. In September 2020, Google also achieved a chemistry milestone for quantum computing in stimulating a chemical reaction with its quantum computer and opening a path towards infinite discoveries and inventions.
But, despite the promise, the arrival of this technology may have a detrimental impact on cybersecurity. Although quantum technology may not reach maturity for years, industry leaders are already considering its impact on cybersecurity. ETSI released new recommendations and strategies for shifting to quantum-safe schemes. The Accredited Standards Committee (ASC X9) also issued a new standard for public-key cryptography use of digital signatures.
According to a DigiCert report, 71% of global organizations believe quantum computing will be a major security threat in the near future.
According to Tom DeSot, EVP & CIO of Digital Defense, “In 2021, we are likely to see advances in quantum computing that will have a strong impact on security, especially when it comes to encryption. Given that quantum computers can conduct operations in the 0 and 1 state at the same time, they will far outstrip any existing password or encryption cracking tools that exist today.”
Risks to Cybersecurity
Large-scale quantum computing will bring significant changes to encryption methods. Cybersecurity analysts believe that quantum computing will enable threat actors to break what they believe are secure cryptography methods. Future quantum computers may have the power to break asymmetric encryption solutions that base their security on discrete logarithms or integer factorization. This prediction renders trusted encrypted communication and data storage insecure.
Even though large-scale quantum computers are not commercially available, initiating quantum cybersecurity solutions can have significant advantages. It can provide more robust and compelling opportunities to safeguard critical and confidential data than currently possible.
Planning a Defense Strategy
Even though 2020 has been the year of quantum computing advances, it is still impossible to predict the exact date when quantum computing will arrive. Organizations securing valuable data and other assets are vulnerable to “harvest and decrypt” attacks. They need to be prepared to ensure they secure data at risk today. However, to get in front of the curve, organizations must plan to have robust cybersecurity preparations in place.
Moreover, organizations securing products and solutions with long life cycles, significant development timelines, and high costs to repair need to take proactive steps. They should begin testing and infrastructure-upgrade planning to ensure they are ready before the risk of large-scale, cryptographically relevant quantum computers becomes a reality.
Organizations can begin by taking time to understand the problem, finding all the cryptography in place, and start working on a plan to replace it.
As businesses become more crypto-agile and prepare for deployment, they need to ask their third-party vendors about their transition plans and replace products and services that cannot be upgraded. Businesses then need to put a quantum-safe PKI solution in place to support future upgrades and continue to deploy quantum-safe technologies as they become available. Even though quantum computing may take years to become mainstream, it’s a high-stake situation, and organizations cannot afford to lose.