Editorial

The Q-Day Threat: What happens when encrypted data is no longer safe

The UK Government has said it’s building ‘a quantum-enabled economy’, potentially overhauling healthcare, energy, transport and more. But quantum computing could also mean that encrypted data is no longer safe, potentially exposing critical data and security on a national or global level. Here, Frey Wilson, CTO of Cavero Quantum, breaks down what the public sector needs to know.

Posted 23 October 2024 by Christine Horton


Earlier this year the government said it was investing in building ‘a quantum-enabled economy’, potentially overhauling healthcare, energy, transport and more. What risks does quantum computing present from a cybersecurity perspective?

Quantum computers leverage the intuition of quantum physics to solve completely new types of maths problems. Ones that, typically, take computers a really long time to solve.

The cryptographic keys used today are based on some of these complex math problems, which quantum computers will be able to solve, exposing the keys, and exposing critical data and compromising security.

Imagine a future where the encryption protecting your personal, financial, health or even national defence data is compromised, so you can no longer trust that data.

That future could be just a few years away—or even closer.

Last month IBM announced they expect to develop a sufficiently capable quantum computer by 2030.

That is the same year the US Government is pushing as the target for quantum-safe migration in industries like finance and national security and infrastructure, and the EU won’t be far behind.

This urgency is real—“hack now, decrypt later” attacks are already happening today. The idea that “encrypted data is safe” no longer holds.

What are some examples of how businesses could be impacted if they do not prepare for these post-quantum cryptography risks?

Bad actors, either sponsored by nation states or criminal enterprises, will be able to access and unencrypt critical data, so any data that has a lifespan of more than three years from now is at risk. All it takes is for a threat actor to take a copy of your current, encrypted, communications – anything over the public internet, for example. That data is currently encrypted, but given access to a quantum computer in the future, that data can be revealed. If your data still needs to be private in a few years’ time, it needs to be secured now.

A data breach at scale will cause a loss in trust for these organisations, increased and in the not-too-distant future, potential regulatory fines for not protecting critical data and systems.

Many technologies now rely on data to make decisions, from identity and access, through to risk and compliance and even on sensors and system controls. If this data can no longer be trusted to be accurate then you can no longer trust in the decisions.

These impacts can be felt more widely too – imagine the chaos if a bad actor changed cancer test results, could turn traffic lights to red or turn off energy distribution networks.

What is stopping public sector organisations acting on these risks? Is education still needed, or is there a lack of funding?

One of the biggest barriers is education, and an understanding of what to do next. Many organisations are still catching up with traditional cybersecurity best practices, and haven’t yet understood the need to prioritise a strategy for something that’s such a crucial privacy and security risk. A good place to start is in understanding your network, data flows, priorities, risks and needs, and perhaps more education needs to be done on pushing the need for this, in addition to what organisations can physically start doing in the here and now. There is a real need to help organisations understand the risk, and to understand the options available to reduce the risk.

In the UK there has been a lack of independent innovation and funding in software-based quantum-safe solutions to address the cybersecurity risks, very much relying on the US to drive the innovation and create standards. This could be a dangerous tactic.

What is the Cavero Quantum solution? How is it different to others on the market?

Cavero Quantum’s solution is designed to be a drop-in replacement for ECDH (one of the most common current key exchange methods, and one that will be compromised by quantum computers in the future). This means it should easily replace current cryptography protocols without the need to re-engineer networks or applications, making it faster and cheaper to deploy than other quantum-safe alternatives.

Cavero Quantum’s software-based key creation protocol is not based on a complex maths problem, so it will stay secure from quantum attack far longer than math-based alternative algorithms. This results in a simpler solution that is adaptable to use across many use cases and layers of the technology stack.

Why should organisations act now on post-quantum cryptography?

Very simply, today’s data is at risk of being unencrypted in the future, so if this data is important to a business they should act now to ensure it is safe in the future.
