IBM describes quantum computing as “specialized technology - including computer hardware and algorithms that take advantage of quantum mechanics - to solve complex problems that classical computers or supercomputers can’t solve, or can’t solve quickly enough.”1 Quantum computing has been at the forefront of technological discourse for some time now, and the mechanisms by which quantum computers operate are truly extraordinary. Concepts such as "superpositions" and "entangled particles" are examples of mechanisms utilized by quantum computing. Entangled particles were famously labeled "spooky action at a distance" by Einstein,2 capturing the intriguing and mysterious nature of the science behind quantum computers. Quantum computers have the potential to revolutionize multiple fields, including medical science, machine learning (ML), environmental sciences, and other fields of advancement. However, they also present a significant risk to cybersecurity. The ever-increasing and impressive capabilities of quantum computers could potentially break current encryption methods, necessitating advancements in cryptographic techniques to safeguard sensitive information.
Should We be Worried about Quantum Computing?
Michele Mosca, a co-founder and deputy director of the Institute for Quantum Computing at the University of Waterloo, stated, “I have estimated a one-in-seven chance that some of the fundamental public-key cryptography tools upon which we rely today will be broken by 2026 and a 50 percent chance by 2031. Although the quantum attacks are not happening yet, critical decisions need to be taken today in order to be able to respond to these threats in the future, and organizations are already being differentiated by how well they can articulate their readiness.”3 The timelines Mosca mentioned fit the predictions of many in the field.
It is for that reason the World Economic Forum stated in a report, “As of December 2023, 24 countries have some form of national initiative or strategy to support quantum technology development.”4 The report estimates that US $40 billion is being spent on quantum initiatives worldwide by the public sector.
Governments are beginning to take steps to address the imminent quantum threat. For example, the U.S. passed the Quantum Computing Cybersecurity Preparedness Act,5 a legislative measure aimed at preparing federal information technology systems for the advent of quantum computing, particularly focusing on cybersecurity implications. The act emphasizes collaboration with the National Institute of Standards and Technology (NIST), which has been leading efforts to develop and standardize post-quantum cryptographic algorithms. NIST's work includes selecting and validating algorithms that can withstand quantum computing attacks. Similar initiatives are being undertaken globally to ensure a coordinated response to these new cybersecurity challenges.
So, why does it seem like quantum computing is suddenly the most alarming threat? NIST suggests, “Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.”6 NIST’s assertion is backed by the likes of IBM, one of the private enterprises at the forefront of the evolution of quantum computing. IBM echoes NIST in this sentiment: “we’re aware that a quantum computer of sufficient scale and quality would crack today’s data encryption schemes, and it will take time to transition to new cryptography - so it’s crucial we begin preparing today.”7 Even the Fast Identity Online (FIDO) Alliance stated in a paper that “migration takes time, and security agencies are requesting to plan for protection now, a post-quantum strategy for migration is necessary.”8 Clearly, regulatory bodies and security organizations believe that the potential risk posed by quantum computing warrants immediate attention. It is high time that the broader cybersecurity community aligns with this perspective.
Suggestions for Organizations
How can organizations prepare to mitigate the emerging cybersecurity threats posed by quantum computers? Here are some strategic suggestions:
Conduct a quantum inventory and risk assessment—Develop a comprehensive inventory of hardware and software that could be using quantum-sensitive components, then evaluate those systems for potential vulnerabilities to quantum attacks and prioritize them based on potential impacts to your organization.
Stay informed—Engage with the wider quantum computing community and collaborate with others to stay on the leading edge of advancements in quantum-resistant technologies. Maybe even invest in research and development to help explore and understand how quantum computing will impact your organization.
Develop a roadmap—Create a transition plan for migrating to quantum-resistant cryptography, including discovery, timelines, and resource allocation, and ensure continuous monitoring and testing of new implementations.
Invest in quantum-safe technology and solutions—Upgrade systems to support quantum-resistant encryption and develop systems and applications that, at a minimum, are flexible enough to incorporate quantum-resistant solutions as they become available.
Develop in-house subject matter experts—Find and commission professionals in the field to dive head-first into the realm of quantum computing. Developing in-house SMEs means the impact of quantum computing on your organization is assessed by people who are already part of it and understand your business.
Be prepared for regulatory changes—As governments realize the impact quantum computers can have (when developed to a sufficient capacity), they will introduce regulatory changes to protect their nations from state-sponsored attacks by those who may develop the technology faster than themselves. Make no mistake, there is a quantum computing arms race going on in the background, and the only way to survive an attack is to be prepared at the national level. Preparedness will inevitably mean regulations, so organizations need to be ready to make the necessary changes, which will require investment.
As we approach the age of quantum computing, it has become increasingly urgent to prepare for a post-quantum world to maintain cybersecurity. Quantum computers, with their ever-increasing and unparalleled computing power, pose a significant threat to current cryptographic methods. This threat is consistently in the background as nations wage an arms race to be the first to reach the computational levels required to be a threat, but quantum computing can also be the solution to developing countermeasures. The impending shift towards quantum mandates that proactive measures be implemented to protect sensitive data. The transition to a post-quantum stance is no longer a theoretical exercise; it is an urgent imperative because time is running out.
Endnotes
1 IBM, “What is Quantum Computing?”
2 Einstein, A.; Born, M.; Born-Einstein Letters, 1916-1955: Friendship, Politics and Physics in Uncertain Times, Palgrave Macmillan, USA, 2004
3 Mosca, M.; Quantum Computing: A New Threat to Cybersecurity, 5 September 2016
4 World Economic Forum, Quantum Economy Blueprint, January 2024
5 Coker, J.; “President Biden Signs Quantum Cybersecurity Preparedness Act into Law,” Infosecurity Magazine, 23 December 2022
6 National Institute of Standards and Technology (NIST), Post-Quantum Cryptography, January 2017
7 Gambetta, J.; “Quantum-centric Supercomputing: The Next Wave of Computing,” 9 November 2022
8 FIDO Alliance, “Addressing FIDO Alliance’s Technologies in a Post Quantum World,” January 2024
Brian Odian
Is a respected global leader within the ever-evolving cybersecurity sector. As Director of Asia Pacific Compliance and Risk Services at VikingCloud, he guides iconic regional and global entities in best practice security and compliance, mitigating cyberrisk in an increasingly changeable threat landscape. Over the past 36 years, Odian has traveled the world, driving global security programs to fruition across banking, financial services, government, retail, communication, manufacturing, and aviation domains. Highly credentialled in project management, security, and compliance disciplines, he is an active industry contributor, and his thought leadership has influenced the design of complex sophisticated cybersecurity solutions.