Quantum computing cyber risks Quantum computing cyber risks

Firstly, to the positives. Quantum computing will enable us to calculate things that we just can’t calculate right now. It could have huge and positive benefits in areas like science and medicine. It could also be a powerful tool across business sectors. In TMT, for example, it could help telco businesses with the planning of the complex movements of their fleets of field engineers, instantly recalculating and re-planning when any disruptions or unexpected events occur. Anything relating to data, probabilities, permutations, forecasts, models, logistics – quantum will potentially change the game.

Ultimately, when quantum computers are used everywhere it will also lead to better security as Vincent Van Wingerden observed when he said: “Theoretically, quantum computers will allow us to send signals that are completely safe.”

The challenge, though, is getting there. Because many of the forms of communication and security we use now – commonly based on public key encryption (asymmetric cryptography) – will be wide open to quantum capabilities.

As Michele Mosca said: “Cryptography is a foundational piece in today’s digital infrastructures and security. Not all cryptography will be vulnerable to quantum computing, but many current forms will. Public key encryption could be decimated by it. Past communications, for example, such as those via video calls or through VPNs that have been recorded and stored could be hacked into through quantum. That ship has sailed.”

This is a ‘now’ problem not an issue for the future – because much of the technology currently being deployed by businesses will still be in use in 15-20 years’ time. That’s why thinking about quantum and quantum-readiness needs to start today.

However, in a snap poll that we carried out at the event, 45 percent of attendees said the quantum threat was not on their business’ radar at all; 30 percent have only had early discussions; and just 25 percent have engaged with experts to protect the business.

Getting to grips with quantum now makes sense on many levels. No one wants to be left behind in something that could ultimately revolutionise their industry. And it makes financial sense too. It is not expensive to invest in quantum, because you don’t need to buy any hardware or software – it’s all in the cloud. The cost is the people resource you put onto it. It’s worth remembering that it’s cheap to get started now, but expensive to catch up later.

So where should you start? A good place is with a quantum risk assessment. It’s an area that we’re starting to work with growing numbers of TMT clients on – identifying risk points, establishing a roadmap to address them and thinking about the lifecycle management that will be needed.

One of the most common problems, as Daniel Shiu pointed out, is that businesses frequently don’t know where they are using public key encryption: “Public key encryption presents a massive attack surface via quantum. Businesses don’t know how vulnerable they are because they don’t actually know where public key encryption is being used across their enterprise.”

If all of this sounds quite scary, the more reassuring point is that solutions are being developed. As Daniel Shiu observed, the advent of quantum is in fact creating (through necessity) an opportunity to rethink and revisit the assumptions the internet was created on way back in the 1990s. Or, as Michele Mosca put it: “There’s a chance to ‘build back better’ - though it will take some years.”

As Vincent Van Wingerden said: “Different types of encryption are being developed to mitigate against quantum risks and some of these are quite well-advanced. There are some methods already that we believe will be resilient. New types of cryptography will eventually replace the old.”

There was some variation in opinion on how far things have come. But there was certainly an overall consensus that solutions can be found, through techniques such as hash chains, symmetric cryptography, quantum key distribution and hybrid key agreements.

There is certainly a need for solutions. We could possibly expect to see some well-funded nation states introducing quantum techniques into their attack methods within the coming years.

That’s why it’s critical to take action. It’s OK not to be ready right now, but it’s not OK not to be doing anything. Create a team in charge of quantum readiness – and make that their core role, rather than a side-of-desk add-on. Give them senior support and backing. Make it part of lifecycle management and be prepared to be asked by the Board about it – they’ll put the question sooner or later.

Another risk to bear in mind: as quantum grows, we can expect a significant skills crunch. People with the requisite quantum knowledge – both on the opportunity and cyber risk side – will be in huge demand. I hope the government helps push the agenda to build quantum skills in the UK. With such game-changing technology, we’ll need them!

If you would like to attend our next event, which will be focused on the 'Future of Customer in the TMT sector' and will take place on Tuesday 23rd November from 12pm, please email  Sarah Noel to confirm your place.