For some time now, science and IT communities have hailed quantum computing as a revolutionary force. With the potential to one day solve complex problems across industries, the power of quantum holds endless possibilities. Among others, it promises medical breakthroughs, important scientific discoveries and key developments in manufacturing.
As it stands today, a fully functioning and practical quantum computer does not exist. However, in the global race to create the world’s first, organizations and governments have both made it a priority to continually announce new quantum projects.
For example, in this year’s Autumn Budget, Chancellor Philip Hammond unveiled plans to plough a further £1.6 billion into quantum computing, artificial intelligence and nuclear fusion technologies in the UK. In reaction, scientists at The University of Sussex stated that if they receive part of this funding, they will build a new quantum computing facility in Brighton – with the aim to put years of research into practice and solve some of ‘humanity’s greatest problems’.
Though the benefits associated to quantum are vast, like any major technological innovation it does have the potential to introduce risks to the current IT infrastructure. One of the main concerns is its ability to render encryption useless – meaning that sensitive financial and personal data could at any time be made easily accessible.
Given that quantum computers are in the creation stage, these threats are not imminent. However, due to the rapid pace of innovation, and the amount of money being invested, these concerns should be something that every industry is prepared for.
The current threat: the shift from volumetric attacks to “quantum attacks”
Over the past few years, there has been a noticeable transition from volumetric cyber-attacks to “quantum attacks”. Though today’s quantum attacks are small - with the addition of attack vectors, botnets and ports - it’s likely that they’ll quickly become increasingly complex.
In a typical scenario today, an anomaly of 300 Mbps would not likely be noticed by a company running various applications in the cloud – meaning an attack of this size would not trigger cloud failover. As a result, a savvy attacker who is familiar with this open window could potentially attempt to bypass security endpoints without triggering cloud failover mitigation.
However, stronger attacks require quantum resources that have not been developed yet. While this does buy organizations time to adapt defenses, the faster quantum computing develops, the more dangerous these threats become. As a result, the challenge for companies to defend against quantum attacks becomes more intricate, and the importance of a thorough quantum security strategy becomes a matter of ‘when’, not ‘if’.
The future threat: “the era of post-quantum cryptography”
While it’s unknown when a major organization or country will reveal a fully functioning and practical quantum computer, there’s no doubt that it’s simply a matter of time. In fact, the National Institute of Standards Technology (NIST) has coined this tipping point the “era of post-quantum cryptography”.
To grasp how a cyber-criminal can potentially utilize quantum technology to cause a major data breach, experts often refer to an example in “What is quantum computing” by the Information Technology and Innovation Foundation.
Imagine a phonebook with 10 million entries: a standard search algorithm would take five million attempts to find the entry it is looking for. On the other hand, a quantum computer would only need 1,000 operations - making it 5,000 times faster.
At this speed, a quantum computer in the hands of a hacker could create major chaos and could even decrypt sensitive government information - resulting in a devastating cyber-attack unlike ever before.
An education in quantum
As a starting point, it is imperative that IT professionals begin researching and monitoring quantum computing developments, trends and attacks, as well as paying attention to global quantum standards and regulation.
In addition, security teams should work together with experienced and reputable partners to protect data. NIST, along with other key players in the security industry, have begun to conduct studies into quantum-safe cryptographic algorithms for classical computers. These are thought to be capable of resisting quantum attacks.
Ensuring security strategies and systems are fully up-to-date is also vital. Only necessary services should be allowed to operate with an organization’s IT infrastructure. Unneeded services should be removed as they could act as a window for quantum attacks if not properly maintained.
While quantum computing looks to deliver solutions to some of earth’s most complicated predicaments, its threat to the cybersecurity landscape is not easy to solve. Across the globe, IT experts will need to completely reshape strategy, algorithms and existing systems – essentially building a completely new approach to information security.