Quantum computing is poised to be one of the most transformative technological advancements of the 21st century. But its potential to solve complex problems far beyond the abilities of today’s computers raises many concerns for cybersecurity.
To avoid being exploited by the technology of tomorrow, governments and organizations are preparing today for the rise of quantum computing. Read on to learn how quantum can be used to positively advance cybersecurity, the threats quantum poses, and its likely future implications.
Quantum Computing and Cybersecurity: A Delicate Pairing
The relationship between quantum computing and cybersecurity is a double-edged sword. The good: Quantum technologies promise groundbreaking advancements in secure communication. The bad: Quantum poses unprecedented threats to current encryption standards.
To fully understand this tricky balance, you need to know what “quantum” means in the context of cybersecurity. Quantum computing leverages the principles of quantum mechanics to perform calculations at speeds that are impossible for traditional computers. The use of quantum algorithms such as Shor’s algorithm would enable these machines to solve hugely complicated problems in seconds. So, it’s not hard to imagine how easily quantum computers could break through today’s encryption locks.
“The advent of quantum computers means that we need to change our asymmetric cryptography, because Shor's algorithm says that when these computers get large enough, basically asymmetric cryptography is toast,” explained Scott Crowder, IBM’s Vice President of Quantum Adoption, at VivaTech 2024.
Encryption is central to keeping online information secure. Without adequate controls and protocols, quantum breaches would pose an unprecedented threat to data security. A breakdown of cybersecurity at this level would impact the global economy, national security secrets and the privacy of anyone online.
Quantum computing is still largely in the development phase, but rapid advancements could make this technology available in the near future.
For a fuller explanation of what quantum AI is, check out this article: Quantum AI: Definitions and Use Cases
How Quantum Is Used to Improve Cybersecurity
No one knows exactly how long it will take for quantum computing to become part of our reality, but tech companies are already working to develop enhanced cybersecurity that harnesses this future technology.
Quantum computing is expected to positively impact cybersecurity in the following ways:
Rapid detection of cyberattacks, before any significant damage is done.
Stronger cryptography standards to protect digital data.
Quantum-secure communications that are impenetrable by threat actors.
Still, the focus of current advancements in “quantum security” is largely on defending systems and data against quantum attacks.
Aiming for ‘Quantum-Safe’ Security Levels
Quantum-safe security includes a new generation of cryptographic algorithms designed to withstand attacks by future quantum computers. Governments and enterprises are already transitioning to quantum-safe cybersecurity to protect their critical data.
Several tech giants are leading the charge in post-quantum cryptography (PQC), and last year the National Institute of Standards and Technology (NIST) finalized standards for PQC, paving the way for its widespread adoption.
Post-quantum cryptography refers to cryptographic methods designed to resist attacks from quantum computers. These cryptographic algorithms remain secure even against quantum-powered attacks. The most promising post-quantum approaches to cybersecurity include lattice-based cryptography and quantum key distribution (QKD).
Google began testing post-quantum cryptography in its products in 2016 and has been using PQC to protect internal communications since 2022. Last year Apple introduced PQ3, a post-quantum cryptographic protocol for end-to-end secure messaging. And IBM unveiled a set of tools called IBM Quantum Safe in 2023 designed as a solution to help organizations and governments secure their data against quantum attacks.
New Threats Arising with the Adoption of Quantum Computing
The biggest cybersecurity concerns around quantum involve its potential ability to decrypt sensitive data stolen from governments, militaries, healthcare providers and critical infrastructure providers such as utility companies.
Here are three quantum threats the world is focusing on:
Breaking Existing Encryption Standards Today’s encryption technologies are secure because the computing power needed to "crack the code" is not available yet. But quantum machines would render current encryption methods obsolete. Traditional encryption methods such as symmetric encryption, asymmetric encryption, and hashing are the security backbone of online banking, digital communications, and critical infrastructure. If quantum algorithms are able to easily decipher these methods, any data protected by traditional encryption is vulnerable.
“Harvest Now, Decrypt Later” Attacks A “harvest now, decrypt later” attack is a strategy in which a malicious actor collects and stores encrypted data today with the intent of decrypting it once the quantum computing technology becomes capable. This concern has pushed businesses and governments to transition to quantum-safe security solutions before quantum systems become available. The possibility that the first quantum capable machines could be developed in secret and used by adversaries also drives organizations to protect themselves. Google cites harvest-now, decrypt later attacks as one of the primary reasons the company is preparing for post-quantum cryptography.
Challenges in Implementing Quantum-Safe Systems Transitioning to quantum-safe security is not without its challenges. Legacy systems built on classical encryption protocols are likely to require substantial overhauls, involving time, cost, and technical expertise. Additionally, the development of quantum-safe algorithms have to keep up with advancements in quantum computing to ensure that emerging threats are effectively mitigated. Governments and well-recognized standards bodies are developing directives and standards for post-quantum cryptography, and it is important that organizations stay current to protect their own data.
Quantum’s Future Implications
The immediate focus for cybersecurity is on reducing risks and securing systems, but the broader, long-term potential for quantum technologies to reshape cybersecurity is just as significant.
These are some of the main ways quantum is likely to transform cybersecurity in the future:
Threat Detection and Response Quantum computing’s ability to analyze massive datasets at unprecedented speeds will revolutionize threat detection. Quantum algorithms will be able to identify patterns and anomalies in real time, enabling security systems to detect and respond to cyberattacks more efficiently. This could be particularly beneficial for protecting critical infrastructure and combating sophisticated threats such as ransomware and state-sponsored attacks.
Ultra-Secure Communication Networks Innovations such as quantum internet and satellite-based quantum key distribution (QKD) hold the promise of ultra-secure communication systems that are impenetrable to eavesdropping and interception. These advancements could completely change how sensitive information is transmitted across industries, from healthcare to finance to defense. Some experts have warned however, that even a fully quantum internet could eventually become vulnerable to new attacks from “quantum terrorists.”
Collaboration Across Industries The transition to quantum-safe security will require exceptional collaboration between governments, private organizations, and academic institutions. Frameworks must be established to prevent harm to society and promote responsible quantum development. This is already underway as Amazon, Google, Apple and other major tech firms work with the National Institute of Standards and Technology (NIST) to create standards for post-quantum cryptography. But the need for collective action will only grow as quantum technologies get closer to reality.
Organizations, enterprises and governmental agencies should anticipate new quantum cybersecurity regulations and directives soon. Now is the time to start developing post-quantum security strategies and integrating new quantum-resistant algorithms into systems.
By adopting quantum-safe measures and staying ahead of emerging threats today, businesses and governments can be part of a future where quantum computing is an asset to their cybersecurity instead of a threat.