Jeff Margolies, Chief Strategy Officer at Saviynt, describes how organizations and governments are preparing for the revolutionary rise of quantum computing.
Earlier this year, in his spring speech, the chancellor announced the UK Government’s new National Quantum Strategy, an ambitious ten-year strategy backed by £2.5bn of public funding to support the rise of quantum computing in the United Kingdom.
This is not the government’s only commitment to quantum innovation. It has also created the Department of Science, Innovation and Technology (DSIT), which has the mission of supporting the country’s ambition to be the world’s most innovative economy and a scientific and technological superpower. Quantum technology is essential to this mission, not only as one of the five leading technologies of the future (quantum computing, artificial intelligence, biological engineering, semiconductors and telecommunications of the future) but also because it will allow all the other technologies on the list to reach their Maximum potential. .
Quantum computing is still in its early stages of maturity, and some experts predict that it will take more than a decade for quantum computers to operate flawlessly. However, organizations are starting to take quantum computing seriously; In fact, IBM alone has deployed more than 60 quantum computers, allowing Fortune 500 companies, startups, academic institutions, and research labs to explore practical applications.
This new era of computing will be transformative for many of these organizations. However, with every new technological advancement, it is vital that you also identify and mitigate all potential security risks.
Advantages of the rise of quantum computing
Quantum computing is inherently different from traditional computing, as it uses a completely new computational approach, based on principles of fundamental physics, to solve extremely complex problems very quickly. This quantum speed is expected to boost productivity and reduce costs in the scientific research, engineering, finance, logistics and manufacturing sectors. At the same time, supply chains and transportation networks are also expected to benefit.
But while the rise of quantum computing will pave the way for discoveries and innovations, it will likely create many new security risks. It is difficult to predict exactly what these threats will be like, as it will depend on how the technology develops. However, organizations using or considering quantum technology must be aware of potential threats and introduce new strategies to bolster their cyber defenses.
Identity and security risks in the quantum field
The speed at which quantum computers can perform calculations could shorten the time needed to crack encryption keys. This will put sensitive data at risk, including financial records, intellectual property or even state secrets. Worse yet, if quantum computers can break most of the encryption methods commonly used today, they could completely lose trust in digital systems and services.
Threat actors will likely use the rise of quantum computing to attack systems such as encryption and launch more detailed attacks targeting particular users or machines. This means that identity-based security will be vital for organizations across all industries.
Since many identity systems rely on cryptographic techniques to protect data and authenticate users, the primary challenge for identity solutions will be to mitigate the risk posed by cryptographic vulnerabilities. As quantum computing becomes more powerful, the likelihood of breaking cryptographic methods will increase, compromising the security of identity systems.
Another big risk is the potential for quantum technology to dramatically improve biometric spoofing techniques, which could be used to bypass verification systems. Attackers may create synthetic biometric data that is indistinguishable from real person data, granting them access to protected systems and data sets.
Preparing for the quantum future
While the rise of quantum computing is still in its early stages and the associated risks are yet to be defined, organizations should pay close attention to government and regulatory guidelines.
Although there is currently no legislation in place, the UK National Quantum Strategy states that the National Protective Security Agency (NPSA) and the National Cyber Security Center (NCSC) will develop and introduce physical and digital security measures that protect assets and support growth.
Meanwhile, the US National Institute of Standards and Technology (NIST) began a process to standardize quantum-secure algorithms for key agreements and digital signatures in 2016 and has narrowed down a field of candidate algorithms, with draft standards expected for 2024.
According to the NCSC, this extended period allows for thorough public scrutiny of the various proposals, while some experts argue that it provides more time to close some of the gaps in NIST guidance. These gaps are related to:
- Timing: Critics say the timeline for developing quantum-resistant standards doesn’t match the speed of innovation. There are concerns that threat actors could outpace the broader adoption of quantum-resistant standards by more quickly developing new codes that break encryption;
- Scope: Other areas of quantum computing may pose security risks, in addition to the quantum-resistant encryption standards that are the focus of NIST’s efforts. Some of them could be types of unforeseen attacks or ways to bypass security measures; and
- Adoption: The quantum-resistant encryption standards being developed by NIST may not be widely adopted due to a lack of awareness and understanding of the risks posed by quantum computing. The cost and complexity of implementing these new security measures may also delay their adoption.
These regulatory efforts are certainly vital to the future of technology development. But organizations must take a holistic approach to quantum security when preparing for its arrival. This should include maintaining an up-to-date information flow on the latest developments, profiling the organization’s security risks, and taking a more proactive stance to mitigate vulnerabilities.
Additionally, organizations are recommended to develop an encryption roadmap to be ready to upgrade their cryptographic protocols as needed. These roadmaps typically include steps on how to:
- Identify sensitive data: This may include financial information, personally identifiable information (PII), health data, or other types of sensitive data;
- Define encryption requirements: The focus here would be on selecting appropriate encryption algorithms, key sizes, and other parameters;
- Assess existing systems: Before implementing any encryption, it is essential to evaluate existing systems and infrastructure to identify potential issues or compatibility issues;
- Develop an encryption plan: After analyzing the encryption requirements and evaluating the system, the organization can develop an encryption plan that outlines the individual steps necessary to implement the appropriate encryption technology;
- Implement encryption: After developing the encryption plan, an organization can move on to implement encryption technology. This includes deploying encryption software and hardware, configuring encryption settings, and ensuring the system runs smoothly; and
- Monitor and maintain encryption: Once the encryption system is working properly, it is vital to monitor its performance and perform regular maintenance. This may include periodic updates to encryption software and a review of encryption policies and procedures.
For now, governments should take precautions
As quantum computing technology is still developing, it is the duty of security leaders to stay informed on the latest legislative guidance and key insights provided by experts in this field.
The NCSC provides regular updates on quantum computing, including white papers and articles. At the same time, IBM, for example, which developed three of the four algorithms currently standardized by NIST for secure quantum encryption, is another valuable resource for news on the progress of quantum computing development. Technological progress takes time, so it will take time for the quantum computing boom to reach its full potential.
However, it is never too early for organizations to begin preparing for the risks and rewards of this transformative technology.