CYBER MONDAY WEEK 🤑 Get 30% off your TNW for Startups or Scaleups packages when you use code CYBER30 only until December 4 →

This article was published on August 29, 2024

Quantum computing: the inevitable threat to information security

Op-ed by Amir Vashkover, head of Philips Data Security and board advisor to Quantum Knight


Quantum computing: the inevitable threat to information security

In an era where technological advancements continually reshape our world, one of the most significant emerging threats is quantum computing

This powerful technology, while promising revolutionary benefits, poses a substantial risk to our current cybersecurity infrastructure. As we stand on the brink of this quantum revolution, it is imperative to understand the potential dangers and prepare accordingly.

The quantum leap      

Quantum computing harnesses the principles of quantum mechanics to perform computations at speeds unimaginable with classical computers. In 2019, Google proclaimed to have demonstrated “quantum supremacy” when its Sycamore processor solved a problem in 200 seconds that would take the most advanced classical supercomputers nearly 10,000 years.      

While the specific feat was disputed, there is no denying that quantum computing has made tremendous strides toward computation capabilities that are far beyond today’s fastest HPC systems. More recent progress signals the approaching reality of quantum computers capable of breaking existing encryption methods.      

The quantum threat

Current encryption methods, which protect everything from personal data to national security information, rely on the difficulty of solving mathematical problems that classical computers cannot handle efficiently. Quantum computers, however, can solve these problems exponentially faster, rendering traditional encryption obsolete. The risks include:

  • Data Interception and Misuse: All encrypted data could be at risk of interception and decryption by quantum computers.
  • “Harvest Now, Decrypt Later” Attacks: Malicious actors might collect encrypted data now with the intention of decrypting it once quantum computers become available.
  • Compromise of Critical Systems: Failure to migrate to quantum-safe algorithms could lead to breaches in critical business and functional systems, affecting industries like healthcare, finance, and government.

In August 2021, the US National Security Agency (NSA) announced that “adversarial use of a quantum computer could have devastating effects on National Security Systems and the nation as a whole. The enhanced security measures employed by quantum cryptography make it virtually difficult to breach and tackle this situation, offering a level of protection that far exceeds traditional encryption methods, driving the market growth.” 

Who should be concerned? 

Organizations handling confidential data with long-term confidentiality needs, such as personal identifiable information (PII), personal health information (PHI), legal documents, and intellectual property, are at significant risk. Additionally, organizations providing systems with long lifespans, such as medical devices, and suppliers to critical industries must prioritize preparing for quantum threats.

Preparing for the quantum era 

The question is not if quantum computers will break current encryption, but when. Predictions vary, with some experts estimating significant impacts within the next decade. For example, Deloitte suggests serious quantum threats could emerge within ten years, while Forrester forecasts a 50% to 70% chance within five years.

Steps to mitigation

To mitigate these impending threats, organizations must adopt a proactive approach:

  1. Understand Business Contexts and Objectives: Recognize how quantum threats impact specific business operations and data.
  2. Identify Quantum Threats: Assess which aspects of the business are most vulnerable to quantum attacks.
  3. Define Target Maturity: Set goals for achieving quantum-safe security measures.
  4. Assess Current Capabilities: Evaluate existing security measures against future quantum threats.
  5. Focus on Priorities: Prioritize areas that need immediate attention to enhance quantum resilience.
  6. Develop a Quantum Security Roadmap: Create a detailed plan for transitioning to quantum-safe cryptography algorithms.
  7. Show Value from Investments: Communicate the importance and benefits of quantum security investments to stakeholders.
  8. Raise Awareness: Educate all levels of the organization about the quantum threat and necessary precautions.

Post Quantum Cryptography (PQC) initiatives

Post Quantum Cryptography (PQC) is a current top national security priority for most governments. NIST has been struggling with figuring out the next gen FIPS 140.3 (512 bit) regulatory PQC standards, with the very first release starting in August 2024. Of which, Quantum Knight is within the first group of FIPS 140.3 module validations.

These new NIST PQC algorithms are raw ciphers only, not a cryptographic system like CLEAR. After their release on August 13, these NIST algorithms will now have to be made useful and implemented over the next 3-10 years across the entire data ecosystem mentioned above.

Google, Apple, IBM, and others have started upgrading the cryptography within their systems and services and started industry consortiums to begin to discuss and learn how they can implement and make these new algorithms useful for their customers. These efforts only attempt to upgrade their current broken distributed data ecosystem (i.e. the hops/jumps/pass-thrus).

The road ahead 

Transitioning to quantum-safe algorithms is not a straightforward process. It involves:

  • Collaboration: Working with academia, industry, and governments to develop and standardize quantum-resistant algorithms.
  • Resource Allocation: Investing wisely in quantum security technologies and processes.
  • Education: Ensuring stakeholders understand the risks and necessary measures using clear and common terms.
  • Comprehensive Approach: Beyond algorithms, reevaluating protocols, standards, and hardware components to ensure holistic security.

Despite these advancements, the real challenge lies in the implementation and integration of quantum cryptographic solutions.

Many companies struggle to transition from theoretical models to practical applications, resulting in a gap between promise and performance. This is where pioneering startups such as Quantum Knight come in, providing robust and reliable solutions that not only meet but exceed industry standards.

Conclusion

The advent of quantum computing is a double-edged sword, offering unparalleled computational power while threatening to undermine our current cybersecurity frameworks. Organizations must act now, understanding the threat, preparing for the inevitable, and transitioning to quantum-safe practices.

While the timeline remains uncertain, the proactive steps taken today will safeguard the future against the quantum threat.

Amir Vashkover is a seasoned technology leader with vast experience in both operational and leadership roles within the field of Cybersecurity. He currently leads Philips’ Data Security division and is a board advisor at post-quantum encryption provider Quantum Knight. Before that, Amir held leadership positions across multiple industries, including roles as CISO, VP of Business development and Product management. He holds a university degree in Electrical & Computer engineering, and an MBA from leading universities in Israel.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with