Quantum computers have primarily resided within the realm of research universities, government offices, and leading scientific companies, making them inaccessible to malicious actors. However, there is a growing concern that this will not remain the case indefinitely
As advancements in quantum computing continue, there is a genuine fear that these powerful machines could potentially render current data encryption methods obsolete. Consequently, new cryptographic techniques must be developed to safeguard against their potential capabilities.
Federal Action and Quantum Computing Security:
The discourse surrounding quantum computers has recently experienced a surge in discussions, partly due to ongoing federal initiatives. In May 2022, President Biden released a national security memorandum that emphasised the importance of addressing quantum computing security concerns. This was followed by the passing of the Quantum Computing Cybersecurity Preparedness Act by the U.S. House of Representatives in June, which mandated federal agencies to transition their information technology systems to post-quantum cryptography.
The Power of Quantum Computing:
Current computers, even the most powerful ones, face substantial challenges when attempting to crack security keys due to their complexity. Breaking down standard encryption keys typically requires years, even in optimal circumstances, making encryption a highly valuable security asset.
Quantum computing has the potential to drastically reduce the time required to crack encryption keys from years to mere hours. Experts believe that many widely used public-key encryption methods, such as RSA, Diffie-Hellman, and elliptic curves, could eventually become relatively easy for quantum computers to solve.
While commercial quantum computing remains some distance away, a study by the National Academies suggests that future quantum computers capable of breaking codes would require 100,000 times more processing power and an error rate 100 times better. Although these advancements could take over a decade, security leaders must proactively address this eventuality.
Leveraging Defence In-Depth:
Though quantum-based attacks may be on the horizon, organisations must adopt strategies to defend data in transit once encryption is no longer effective. Best practices include network segmentation, utilising private 5G networks, and implementing Zero Trust architectures. Organisations must also focus on securing data at rest. Many databases currently employ encryption techniques that may become obsolete in the face of quantum computing. Thus, storing sensitive data offline or regularly re-encrypting it with newer technologies may be necessary. Presently, various forms of data, from browser caches to password managers and local Outlook email files, are encrypted. However, should this encryption become vulnerable, organisations may need to limit overall distribution to mitigate risks until more robust quantum encryption methods are developed.
While the threat of quantum-related cyberattacks is not immediate, it is nevertheless a concern that should not be dismissed. Cyber security professionals must remain agile and adaptable in the face of emerging threats and evolving vulnerabilities. As we navigate this next frontier, it is essential to maintain a strong foundation in cyber security. Preparation for the future of quantum computing is paramount; organisations must equip themselves to mitigate this emerging threat while also addressing the multitude of risks that currently impact their enterprises. Employing a defence-in-depth approach serves as a comprehensive defence against various attack vectors, ensuring blanket coverage and enhanced protection. In conclusion, as quantum computing rapidly progresses, the need for advanced cyber security measures becomes increasingly urgent. By staying ahead of the curve and actively addressing the potential vulnerabilities that quantum computing presents, organisations can safeguard their data and infrastructure in the face of this emerging threat.