Restructuring cybersecurity with the power of quantum
Quantum computing holds the potential to one-day resolve some of the world’s most intricate and pressing conundrums. With the science and technology industry at the forefront of the global battle to defeat COVID-19, for example, it has played a part in discovering viable solutions, not just in the short term but for future pandemics. However, quantum computing is bound to force major changes to the cybersecurity landscape.
About the author
Rodney Joffe, SVP, senior technologist and Fellow, Neustar.
While quantum computing is still in its relative stages of infancy, it’s rapid evolution means it will soon overtake technologies we’ve previously relied on, including high performance cloud computing.
This is why numerous tech giants such as IBM, Google, Amazon and Microsoft have entered the race to achieve what has been coined ‘quantum supremacy’: the competition to build the first fully-functioning and practical quantum computer. Microsoft, for instance, just announced that its quantum computing platform, Azure Quantum, is now available in limited preview.
Advancements such as these, however, have resulted in experts debating how the power of quantum will affect the cybersecurity landscape. Research from the Neustar International Security Council (NISC) recently revealed that almost a quarter of security professionals are already experimenting with quantum computing strategies, worried that it will outpace the development of existing security technologies.
These concerns are, in fact, extremely valid and require urgent action. Looking ahead, laying the foundations for rebuilding our current overarching cybersecurity approach – including our algorithms, strategies and systems – should be a key priority.
Across our most critical industries, quantum computing has the promise to solve what would have previously been described as unsolvable or existential problems.
When it comes to medical development, it has the potential to simulate how drugs will react. This reduces the risk during the commonly used trial and error method, and saves computational chemists both time and money. Already, researchers at Penn State University have announced that they are exploring how machine learning and quantum physics can be used to discover possible treatments for COVID-19.
In addition, Accenture recently published a paper with biotechnology innovator Biogen, which found that as quantum computers become more available, drug discovery will accelerate significantly, allowing scientists to compare much larger molecules.
Drug discovery is not the only area quantum computing will improve. Much has been reported about the technology’s potential to beat climate change in the future. The World Economic Forum recently outlined how, by simulating large complex molecules, it will potentially be able to create new ones for carbon capture.
What’s more, last year, Google and NASA sparked frenzy within the technology community when together they revealed quantum computers hold the capability to compute in three minutes what would usually take supercomputers 10,000 years. While this feat is still years away, it is this level of power that cybersecurity professionals need to begin planning for.
At present, the cybersecurity industry depends on encryption to safeguard devices and personal data. In theory, encryption is possible to crack. In practice, however, it is impossible and would take a colossal amount of time to do so, over timescales of trillions of years.
Cryptography can be categorized in two ways: symmetric and asymmetric cryptography. In symmetric schemes, the same key is used to encrypt and decrypt data. In asymmetric schemes – also known as public key – there is a publicly shared key for encryption and a private key for decryption. Built on complex mathematical calculations, these are crafted for a fundamental purpose: to be so complicated that they would take classical computers too long and use too much computational power to be solved.
However, encryption’s time as a viable solution is limited. Neustar’s research revealed that nearly three quarters (75%) of cybersecurity professionals expect advances in quantum technology to beat current technologies, such as encryption, within the next five years. Its ability to break encryption techniques such as private key poses a major challenge to the cybersecurity industry. In the wrong hands, it could be used to launch a cyberattack on an unprecedented scale.
Given quantum’s ability to crack problems we’ve specifically created to be “unsolvable” at an unrivaled pace, there is a crucial need to create new public key schemes that are resistant to quantum technology. Even though a quantum computer capable of beating encryption is approximately ten years away, quantum-proof encryption needs to be implemented before then.
Planning for quantum requires a careful consideration of its progress. Luckily, most organisations have quantum computing on their radar. In fact, 74% of cybersecurity professionals have admitted to paying close attention to the technology’s development.
Businesses are also required to take note of all encrypted data and make sure it is surrounded by 24/7 monitoring and threat intelligence tools, alongside robust processes. There needs to be a recognition that even though it is impossible for this data to be decrypted currently, advances in quantum computing will mean that it will be vulnerable in future.
The current global pandemic has taught us that we need science and technology more than ever to guide us through challenging times and produce the innovations that will see us benefit in the long run.
The sheer power and uncertainty of quantum should not be viewed negatively – in fact, 87% of CISOs, CSOs, CTOs and security directors admitted that they are excited about the potential positive impact it will have. Quantum computing is part of the future, and the cybersecurity industry has to prepare early for its impact if they wish to reap the benefits.