The journey towards Quantum-Safe Security
Quantum technologies will have a profound effect on the global economy, allowing you to solve complex problems quicker than ever before. But why should this matter as much to executives and cybersecurity experts as it does to scientists?
While news of quantum tech used to be reserved for the scientific community, today we see it hit the headlines of many media outlets as the wider world realises that the ‘post-quantum era’ – a time in which quantum computers and technologies are mainstream – is not that far away.
Alongside the countless benefits quantum will bring, like all new technologies it can also pose risks. Indeed, the main risk a quantum computer can cause is to cybersecurity. So what does this risk look like, and what can business leaders do to make sure their organisation isn’t caught unprepared?
The evolution of quantum technologies
The concept of quantum computing in fact dates back to the 1980s, when physicist Richard Feynman understood that a computing machine following quantum rules could perform some computations faster than a classical computer. Theory turned into practice in the late 1990s and for many years progress was best described as ‘steady’. Recently it’s picked up pace, driven by a number of factors:
- Investment in R&D from tech giants including IBM, Google, Microsoft and Amazon as they look to commercialise the technology
- Over $13bn investment from countries and regions including the EU, USA, UK, Russia and China
- A host of quantum startups looking to capitalise on this growing market
- An exponential growth in development and production (the quantum equivalent of Moore’s Law, so to speak)
A significant milestone in quantum’s history came in October 2019, when Google announced that it had indeed achieved quantum supremacy; the point at which a quantum computer can solve problems that classical computers can’t. Although this claim has been disputed by other contenders like IBM, it is clear that the power of quantum computer is now reaching a stage where useful computations can be performed.
The post-quantum era is just around the corner.
The time in which IBM predicts quantum computing will be mainstream.
What does this mean for industries and organisations?
You’d be forgiven for thinking that computing is the only element of quantum tech, but in fact there are three main branches:
- Quantum computing, which will allow us to perform complex calculations in the fraction of the time it takes today’s ‘classical’ computers thanks to its immense computing power
- Quantum communication, which allows data to be transferred securely over optical fibre networks or free space
- Quantum sensing, which improves measurement accuracies across a number of industrial applications
These technologies will be transformative across areas including cybersecurity, big data & AI, critical infrastructure, scientific and medical research, economic analysis and IoT to name but a few.
Cybersecurity, big data & AI, critical infrastructure, scientific & medical research, economic analysis, IoT
Just some of the areas quantum technologies will improve.
Indeed, some quantum technologies are already doing this today. Companies including IBM and Microsoft are offering quantum computing ‘as a service’, while providers such as SK Telecom and BT are investing in quantum communication infrastructure.
Such developments are leading to a growing awareness among business leaders, alongside IT departments and cybersecurity professionals, as they look at what impact quantum could have on their own organisations.
The role of quantum in cybersecurity
While quantum tech will transform the world we live in for the better, it can be harmful in the wrong hands.
The time in which a quantum computer could break today’s encryption.
MIT Technology Review
We’ve known about this threat since 1994, when MIT professor Peter Shor developed an algorithm that, if run on a powerful enough quantum computer, could render much of today’s encryption standards useless.
Shor’s algorithm implies that such computers would break public key encryption – used to secure everything from financial transactions to personal information – in as little as eight hours.
It’s no wonder that, with recent progress, people are starting to realise the risk. Indeed, a report from Thales found that 72% of organisations believe quantum computing will affect them within five years.
Moreover, no industry will be safeguarded from these risks, making it an issue every executive must address. Thankfully, there are steps you can take today to ensure you remain secure.
of organisations believe quantum computing will affect them within five years.
Thales 2020 Data Threat Report
Introducing Quantum-Safe Security
In order to counter the threat of the quantum computer to cybersecurity, new devices and methods must be applied. This is the field of Quantum-Safe Security. Aptly, some of the technologies that can safeguard you against attacks from quantum computers derive from quantum technologies themselves.
These quantum-safe technologies are currently broken down into four main groups:
- Quantum Random Number Generation (QRNG), which ensures encryption keys aren’t vulnerable to prediction or bias
- Quantum-Ready Network Encryption, which enables encryption systems to incorporate quantum-safe solutions
- Quantum Key Distribution (QKD), which uses photons (particles of light) to transmit keys, ensuring proven secrecy of encryption keys and maximising trust
- Quantum Resistant Algorithms (QRAs), which mitigate risk as they are specifically designed to resist known quantum attacks
By deploying these in the right way, at the right time, you can safeguard your data in the quantum world.
The quantum roadmap
Although nobody can say for certain when the post-quantum era will begin, it’s likely that the technology will be mainstream in 5-10 years. However, this should not lure us into a false sense of security.
Data shared today over the Internet, for example, is already harvested in large datacentres. It may be deciphered later, when a quantum computer is available. Any data with extended confidentiality requirement is already at risk.
In addition, with the average security systems upgrade cycle also lasting this period, now is the time to begin your journey to Quantum-Safe Security.
Many organisations have already done so. This proactiveness not only ensures staff, customers and assets are protected, it also delivers a host of benefits from mitigating the risk of cybersecurity incidents to increasing customer loyalty and trust through forward-thinking innovations.
What must executives do to prepare for the post-quantum era?
To help you navigate the path, there are five main steps you must take to ensure your organisation is ready for the quantum age, and that it remains protected throughout it:
1: Apply QRNG
Ensure your keys are not vulnerable to prediction or bias using a Quantum Random Number Generator. According to NIST “the larger the amount of entropy, the greater the uncertainty in predicting the value of an observation”. In short, this means the more random your numbers, the more protected your data will be.
2: Be proactive
Undertake a quantum risk assessment to understand how your organisation could be affected in the post-quantum era. In an ideal world this will incorporate all your infrastructure and endpoints, though realistically this is a difficult task to undertake all at once.
Instead, you should focus on your business-critical systems first. Identify the ones you use every day, where work would stop if you were without them, and see what would happen if they came under quantum attack. Don’t worry if this isn’t something your equipped to do yourself, there are companies who offer these audits as a service.
3: Ensure agility
Make sure your current encryption solution is crypto-agile and can be easily adapted in the changing cybersecurity landscape. There are already encryption solutions available on the market that are compatible with external sources of entropy (like QRNG), come quantum-ready (compatible with QKD) and support custom algorithms.
4: Add QKD wherever possible
QKD is a technology which uses a fundamental property of quantum physics: observation causes perturbation. Essentially, this means that if your encryption keys are intercepted ‘in motion’, you’re alerted to this fact and can decide not to use them.
QKD is commercially available on medium-length optical links (up to about 100 km). This range can be extended by using so-called Trusted Nodes, and possibly satellites. High-valued data exchanged over these links can and should be protected today.
5: Implement QRAs
Continue your journey and push quantum security to the network edge by implementing Quantum Resistant Algorithms. Currently, NIST is evaluating 26 of these algorithms and draft standards are expected as soon as 2022.
The ideal outcome will be that several algorithms emerge as ‘good choices’, but at the same time we expect there to be complexities as NIST, alongside other standards bodies, balance security with performance. It’s likely that work on such algorithms will continue for years to come.
6: Attain Quantum-Safe security
A combination of all the above will enable your organisation to be ready for the quantum era. Secure data exchange is of paramount importance in today’s economy. You can be an actor in the transition to quantum-safe.