Rapid Evolution Of Quantum Computing A Concern For CISOs

The rapid evolution of quantum computing and the race to achieve quantum supremacy is becoming a source of concern for cyber security professionals, with a majority of 54% now worried that quantum computing will outpace the development of security technology, creating risks and threats, according to a study.

Defined as the demonstration of a quantum computer’s dominance by performing previously impossible calculations at unmatched speeds while proving a traditional computer could never have performed the same operation, quantum supremacy has already been claimed by Google earlier in 2019, although this is a matter of considerable debate and scepticism.

At the start of December Google, IBM and Microsoft were officially joined in the race to achieve quantum supremacy by Amazon Web Services (AWS) when it revealed Amazon Braket, a quantum-computing-as-a-service concept, at its Re:Invent conference in Las Vegas.

The study of CISOs and other security pros was conducted by the Neustar International Security Council (NISC). It found that 73% expected advances in quantum to overcome legacy technology by the end of 2024. A total of 93% believed that quantum computers, when they become achievable, will “overwhelm” security technology. Just 7% said that true quantum supremacy won’t ever happen.

A majority also said their organisations were paying close attention to quantum computing – in fact, just over 20% said they were already experimenting with their own strategies – and despite their reservations, an overwhelming number of respondents said they were excited about positive impacts from quantum.

NISC chair Rodney Joffe, who also serves as security CTO at its parent business Neustar, said that the biggest concerns about the impact of quantum computing related to encryption, possible to crack in theory but impossible in practice precisely because it would take an inconceivably long time. This is a hurdle that quantum computing could, theoretically, overcome.

“Without the protective shield of encryption, a quantum computer in the hands of a malicious actor could launch a cyber attack unlike anything we’ve ever seen,” he said.

“For both today’s major attacks, and also the small-scale, targeted threats that we are seeing more frequently, it is vital that IT professionals begin responding to quantum immediately. The security community has already launched a research effort into quantum-proof cryptography, but information professionals at every organisation holding sensitive data should have quantum on their radar.

“Quantum computing’s ability to solve our great scientific and technological challenges will also be its ability to disrupt everything we know about computer security. Ultimately, IT experts of every stripe will need to work to rebuild the algorithms, strategies, and systems that form our approach to cyber security,” said Joffe.

Warnings over the possible security implications of quantum computing deployed as a threat vector have been circulating for some time now, and many security researchers are already hard at work addressing the problem.

In 2018, a collaboration at BT’s Adastral Park research base, under the auspices of the UK’s National Quantum Technologies Programme, created a world’s first “ultra-secure” quantum network, effectively protected by the laws of physics.

The network was described as virtually unhackable due to its reliance on single particles of light, or photons, to transmit encryption keys across a fibre broadband network. If the communication is intercepted, the sender can tell the link has been tampered with, and the compromised photons cannot then be used as part of the key. This has the effect of making the data stream completely incomprehensible to the attacker.