Security

What Are the Security Implications of Quantum Computing?

According to cybersecurity experts, quantum computing poses risks to organizations’ encryption of data, but there are efforts underway to address those challenges.

Phil Goldstein

Twitter

Phil Goldstein is a former web editor of the CDW family of tech magazines and a veteran technology journalist.

Quantum computing remains a nascent — if highly promising — technology. Experts say that quantum computers could operate at much more powerful levels than today’s traditional computers, allowing organizations (and society) to solve certain computational problems significantly faster.

While the future is uncertain, quantum computers have the potential to revolutionize a variety of fields, including drug discovery and materials sciences. But quantum computing also poses cybersecurity risks, which IT leaders should start thinking about in advance.

“With quantum, there’s the potential that what we deem to be quantum safe or quantum resilient today isn’t in five years,” says Heather West, research manager specializing in quantum computing at IDC.

“This whole thought process and how we implement these cryptographic solutions has to be rethought. And the idea is to be crypto agile and make it so that it’s easy to update the different algorithms that are protecting the systems and infrastructure, so that organizations can be prepared when — not if — they get breached.”

Click the banner to learn about CDW’s identity and access management solutions.

What Is Quantum Computing?

Quantum computers differ from traditional computers in one fundamental way: traditional computers’ building blocks are bits of data that can have the value of 0 or 1, like an on-off switch. Quantum computers, on the other hand, are built on qubits, which can hold the value of 0, 1 or any number in between.

There are naturally occurring qubits in the universe, including ions, atoms and photons, as well as man-made qubits, known as superconducting qubits, West notes. The latter need to be kept at extremely cold temperatures (around minus 273 degrees Kelvin), which often requires them to be encased in specialized refrigerators. (The most common images of quantum computers feature the gold “chandeliers” that encase those fridges.)

Qubits’ superposition state can never be measured (the minute anyone tries, it flattens into a 0 or 1), and multiple qubits can be entangled together. These properties give quantum computers their power, allowing scientists and engineers to solve distinct classes of problems, West says.

EXPLORE: How to get zero trust architecture right from the outset.

The first is simulating natural processes, which can be used to generate new compounds for materials sciences or for developing personalized drugs. The second involves solving complex algebraic math problems, such as artificial intelligence or encryption problems. And the third involves optimization problems, which is where quantum computing speeds up the time it takes to solve problems.

Currently, quantum computers require lots of money and energy to build and maintain, says Jon France, CISO of (ISC2), a nonprofit cybersecurity association. “They are huge. They’re not small, they’re not commoditized, and if we look at the horizon, it’s probably going to be another three to 10 years before they become commercially viable. Even then, they’re likely to be relatively expensive.”

It depends where your footprint is. For the majority of us, it’s a tomorrow problem, but be aware of what it might take today.”

Jon France CISO, (ISC2)

How Does Quantum Computing Impact Security?

The advent of quantum computing raises several cybersecurity concerns for IT leaders. Most significantly, quantum computers could be used to crack public key infrastructure (PKI) that is used to secure a multitude of common web interactions.

Additionally, malicious actors could steal sensitive data today and then wait for quantum computing to advance to the point where it can be used to easily break today’s advanced encryption technologies. There’s still time to get ahead of these challenges, experts say, but IT leaders must be aware of the risks and remain agile.

WATCH: Checkout the incredible power of quantum computing on business.

What Are the Security Risks to Expect from Quantum Computing?

A key area of vulnerability, France says, concerns asymmetric encryption algorithms, used for things such as the HTTPS web protocol.

“If it’s a public key cryptography, it’s probably using one of the vulnerable algorithms,” France says. Organizations need to think about how to replace algorithms that are vulnerable with safe ones, but some of those are going to be difficult to change, he explains.

For instance, an Internet of Things device that uses PKI may not have the computing power to take in a new algorithm or be updated. “We’re going to have things in market that are probably going to be vulnerable for quite some time,” he says.

Quantum computing also leaves organizations vulnerable to the “collect now, break later” mentality, France says, in which attackers could steal data that is encrypted now, wait five or so years for quantum computers to scale up and become more widely available, then use them to decrypt the data.

This is more of a concern for governments or enterprises that have secret data with a long shelf life. “You’ve really got to be thinking about it now,” France says.

West says that government information, defense information, data held by financial institutions and possibly medical information might be impacted by this risk. “The problem is that now people are stealing it and holding onto it until later,” she says. “That’s where we have to start thinking about this, and these initiatives are starting to come into play.”

With quantum, there’s the potential that what we deem to be quantum safe or quantum resilient today isn’t in five years.”

Heather West Research Manager specializing in Quantum Computing, IDC

What Steps Can IT Leaders Take to Protect Critical Infrastructure?

There are many steps IT leaders can take to guard against quantum computing cybersecurity risks. For starters, stay abreast of developments in quantum computing generally and what is being done to create so-called post-quantum algorithms that can withstand quantum-based efforts to decrypt them. “Do a little bit of education,” France says.

The National Institute of Standards and Technology has been leading an effort for years to foster the creation of these, the first four of which were picked in 2022. In August, it started the process of standardizing those, and NIST is also seeking new proposals to keep ahead of attackers.

These algorithms are not going to be needed to protect every class of data, West notes. Organizations will need to determine what data is worth protecting most and “then potentially overlay different types of cryptographic solutions to best protect their infrastructure,” West says.

Vendors such as IBM are offering what they say are quantum-secure systems. However, any upgrade is going to be complex and costly, West notes.

Organizations should start by identifying internal champions to stay on top of these trends and learn about new quantum-resistant algorithms and “how they might be implemented in the products that would be best suited for that particular organization,” West says.

Vendors and trusted third parties can also help with consulting services to identify the data and infrastructure that needs to be secure from quantum-based attacks, as well as the best solutions, “because one solution for one organization might not be the best fit for another.”

And though it is important to consider the security implications of quantum computing now, France says that IT leaders at most organizations should keep it on their radar but continue to focus more immediately on zero-trust architecture.

“It depends where your footprint is,” France says. “For the majority of us, it’s a tomorrow problem, but be aware of what it might take today.”

mladn61/Getty images