For decades, our digital world has relied on cryptography to keep secrets safe. From the passwords we type into banking apps to the encrypted communications between hospitals, energy networks and military systems. These protections work because, with today’s computers, cracking the complex mathematical equations at the heart of modern encryption would take thousands, if not millions, of years.
But a new era of computing is on the horizon. Quantum computing, once a distant dream, is rapidly becoming a reality. While estimates on when we will achieve a fully functional quantum computer vary, recent news in error correction for quantum computers from Microsoft, Google and Amazon suggest huge progress is being made.
Despite the significant steps forward, it is unlikely there will be a quantum computer in every home in the next five years. However by 2030, at least one cryptographically relevant quantum computer will be online. The arrival of this milestone, Q Day, will cause a seismic shift in cybersecurity. Exposing vulnerabilities in the encryption algorithms that we use in our digital world that were previously considered unbreakable. It will tear through existing encryption methods in seconds, not millennia.
That is why it was incredibly disappointing to see the UK’s latest statement on the Cyber Security and Resilience Bill fail to include reference to the danger a quantum computer poses. This is despite the National Cyber Security Centre putting out advice just the week prior that organisations have to introduce quantum-safe algorithms in the next few years.
The bill is still being developed and will evolve as more threats emerge, but the time for critical infrastructure to prepare is now. The only question is what to do to protect against the threat.
All existing encryption technology will be worthless
The encryption techniques that have been used to protect online communications for decades are virtually unbreakable by conventional computers. Quantum computing, however, will quickly make these encryption techniques obsolete.
All internet communications, including financial transactions, government secrets, corporate trade data, and personal messages, will be vulnerable once a sufficiently powerful quantum computer is developed. No digital communication will be safe.
The potential for a single quantum computer to wreak havoc on a global scale is alarming. This threat doesn’t hinge on widespread availability, a lone machine in the wrong hands could decrypt sensitive data, disrupt financial systems, and manipulate critical infrastructure. The mere possibility of such actions will foster a climate of paranoia, transforming our communications networks into a perpetually vulnerable space unless we take immediate action.
Critical infrastructure is most at risk
The most vulnerable and high-value targets are the systems we rely on every day – namely, critical infrastructure. If a hostile nation or cybercriminal group gains access to a quantum computer before we’ve updated our defences, the results could be catastrophic.
The sectors most at risk include:
- Finance: Banks, payment systems, and the technology that the global financial markets rely on for secure transactions. A quantum-enabled breach could lead to theft on a scale never seen before, or the undermining of global trust in financial systems.
- Telecommunications: The internet backbones, mobile networks and satellite systems of telecommunications providers could be compromised, affecting everything from national security to sending a text to a friend.
- Energy: Power grids, nuclear plants, and oil infrastructure could be hacked, shut down, or worse, causing blackouts and economic paralysis.
- Healthcare: Patient records, hospital systems, and even medical devices could be accessed, manipulated, or destroyed.
- Defence: Military communications, weapons systems, and strategic intelligence would be vulnerable to interception and exploitation.
Protecting against the quantum threat
Thankfully, cybersecurity professionals and researchers have been creating solutions to address the dangers that quantum computing presents. These solutions can be divided into two primary categories: hardware and software-based quantum-safe security solutions.
Post-Quantum Cryptography (PQC) is one of the primary new software solutions to quantum threats. PQC involves developing new encryption algorithms that quantum computers cannot easily break. These cryptographic techniques are designed to replace traditional encryption methods like RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), which will become obsolete in the quantum era.
There are some advantages to the approach. PQC is relatively easy to implement, hopefully just requiring a coordinated software update without drastically upgrading hardware. This means it can be implemented at scale relatively quickly. It can also work globally. With no hardware involved, location is not a barrier.
The downside however, is there is no guarantee the PQC algorithms can’t be broken. And if they are, there’s no way of knowing. Quantum computers are so new with additional capabilities, the likelihood of the encryption being complex enough to be impossible to break is small. Some proposed PQC algorithms also require more processing power or memory than traditional encryption methods, which could lead to performance slowdowns.
Quantum Key Distribution (QKD) is a hardware-based approach that leverages the principles of quantum mechanics to create secure communication channels. QKD enables two parties to exchange encryption keys by encoding them in single photons, i.e. quantum systems, in a way that makes eavesdropping impossible. If an unauthorised party attempts to intercept the photons to learn about the key, the act of measurement itself alters the data, immediately revealing the intrusion.
The advantage of QKD is that it is based on the laws of physics, meaning that it provides theoretically unhackable encryption. Any attempt to intercept the key exchange is instantly detectable, allowing users to respond immediately without ever putting their communications and information at risk. And unlike PQC, which may eventually be broken by more advanced quantum techniques, QKD offers a long-term security solution.
As a new technology currently being developed, QKD currently requires specialised hardware, including quantum communication networks, making it a more costly solution in the early stages of its commercialisation. Deploying QKD at scale requires fiber-optic networks or satellite-based quantum communication systems, which may not be feasible for all organisations.
Traditional QKD systems rely on fiber optics, which can limit the distance over which they operate effectively. But this is a very similar situation to the early days of fibre optic classical communication, which obviously continued to improve, brought costs down, and now provides the backbone of our communications. Regardless, it’s clear that QKD is the safest defence against a quantum computer.
KETS contribution to the landscape is its chip-based approach to QKD systems which removes many of these early commercialisation drawbacks. Unlike traditional QKD systems, KETS solutions use integrated quantum photonic chips as their photonic engine. These chips, which contain all the optics one requires, are smaller than a fingernail and can be packaged with standard optical and electrical inputs and outputs. Manufacturing and producing systems now becomes much more akin to assembling a desktop computer and can easily start to be done at scale. However, overall.
Invest in quantum cybersecurity now
Despite the lack of urgency in the Cyber Security and Resilience Bill, the arrival of quantum computers is inevitable. Critical infrastructure must invest in quantum cybersecurity now to avoid devastating data breaches, financial loss, and reputational damage when they do.
The European Union is already introducing regulations that stipulate organisations need to protect against quantum computers. For instance, the Digital Operational Resilience Act sets out requirements for data protection and cryptography, stating financial institutions “shall use ICT solutions and processes” that “(a) ensure the security of the means of transfer of data” or “(c) prevent […] the impairment of the authenticity and integrity, the breaches of confidentiality and the loss of data.” Although the framework doesn’t mention quantum computing, the implication is that financial institutions need to prepare for the threat they will provide.
Customers and partners will also demand strong cybersecurity assurances. Companies that adopt quantum-safe measures early will gain a competitive advantage by demonstrating their commitment to data security.
Retrofitting security after Q Day will be significantly more expensive than implementing proactive measures now. Investing in quantum-resistant technologies today minimises future risks and costs.
Q Day will mark one of the most significant cybersecurity challenges of our time. While the exact timeline remains uncertain, the fact is that quantum computers will compromise today’s encryption standards. Organisations that fail to act now will be left exposed to an unprecedented wave of cyber threats.
By adopting quantum-safe cryptographic solutions and investing in hardware-based quantum security like QKD, enterprises everywhere can fortify themselves against the inevitable quantum revolution and protect themselves today against the harvest now, decrypt later threat. Waiting until the first quantum cyberattack occurs will be too late. The time to act is now. Before Q Day arrives and changes the cybersecurity landscape forever.
Ad
