Why we need to solve our quantum security challenges

microchip

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Louise Axon, Research Associate in Cybersecurity, University of Oxford & Sadie Creese, Professor of Cybersecurity, University of Oxford & Jamie Saunders, Oxford Martin Fellow, University of Oxford & William Dixon, Head of Operations, Centre for Cybersecurity, World Economic Forum


  • The quantum computing age is growing ever closer – and it could render current encryption systems obsolete.
  • These risks could also prevent this technology’s true value from being realised.
  • Addressing this issue requires action at the national and global levels – now.

Last week, the industrial giant Honeywell announced that it has built the world’s fastest quantum computer, overtaking their main competitors IBM and Google in a technological arms race that has the potential to unlock trillions of dollars of value to the world’s economy.

Using lasers to target atoms suspended in absolute-zero temperatures, Honeywell took the world one step closer to a quantum future that will bring about major advances across industries including healthcare, computing, finance and mobility, but most notably security.

 

The most significant implications of this technological arms race are increasingly being felt by the global cybersecurity community. This is because quantum computing has the potential, if used maliciously, to break the systemically important cryptographic underpinnings of the infrastructure on which enterprises and the wider digital economy rely. Furthermore, the community has to act now to ultimately ensure security and strategic advantage issues don’t become major barriers to fully realizing the potential transformative value of quantum technology.

Which sectors will create the most value with quantum computing?
Which sectors will create the most value with quantum computing?
Image: McKinsey & Company, Viva Technology

Quantum technology and the security ecosystem

At a recent meeting of the World Economic Forum Centre for Cybersecurity’s Future Series, a group of leading global technology, security and policy experts discussed the strategic cybersecurity issues arising from quantum technology. There are two major sets of challenges that require collective action by the global community:

1. Quantum computing has the potential to break the encryption on which most enterprises, digital infrastructures and economies rely

The sheer calculating ability of a sufficiently powerful and error-corrected quantum computer means that public key cryptography is “destined to fail“, and would put the technology used to protect many of today’s fundamental digital systems and activities at risk. The key exchanges, encryption and digital signatures that protect financial transactions, secure communications, e-commerce, identity and electronic voting all rely on mechanisms which would be made redundant in such a scenario.

Businesses and governments could be rendered unable to ensure the confidentiality, integrity and availability of the transactions and data on which they rely. Ultimately, this could put all our data at risk. While the timeline and potential impacts are debated by technology and security professionals, there is a clear potential future threat relevant to the risk decisions being made today. This is especially the case where sensitive data and systems currently being rolled out have long lifespans, such as in the healthcare sector, satellites, transportation vehicles and industrial control systems – all of which could be in operation for decades.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

The global ecosystem has created – and is increasingly rolling out – a range of shared infrastructures with distributed ownership and governance. Where these systems have long legacy tails, a collective dependence on cryptography that may be at risk already exists. This comes at a time when hyper-connectivity is leading to increasingly shared architectures, interconnected systems and interdependent business models. Infrastructure including the security of the internet’s architecture itself is underpinned by implementations of public-key cryptography (for example, SSL, TLS and HTTPS) that are distributed globally and which could be at risk.

2. The geopolitics of quantum technology could act as a barrier to unlocking its full value

National security concerns over sovereignty, and maintaining control over strategic capability, could also act as major barriers to unlocking the potential transformative value of quantum technology in the wider economy. Quantum technology has the potential to be game-changing for national security and the information race, and there is a real risk that competition will interfere with international collaboration and widen asymmetries in security and industrial capability. National governments are putting significant investment into the development of sovereign quantum technologies and skills, and several countries have already placed quantum technologies on their lists of controlled goods.

Complex security challenges can already be identified. These include communicating how quantum algorithms have made decisions (explainability), ensuring that the algorithms actually do what they purport to do and are not inherently biased (verification), and certifying the results they produce. While this issue exists for artificial intelligence (AI, other more transformational risks – including misuse by criminals and other actors – also exist.

Responding to the quantum security challenge

Addressing these risks requires action now both at an individual enterprise as well as at a collective level. An approach similar to the global technology councils that emerged to manage AI might be required to govern the full range of global governance principles and models as quantum technology rolls out. A list of principles could include promoting the ethical use of quantum resources or ensuring that quantum infrastructure is not used to break standard encryption, as well as enabling equitable access so that ‘quantum poverty’ doesn’t emerge.

One key step will also be building ‘quantum literacy’ across the ecosystem at an enterprise and policy leadership level. There is an need to educate and train leaders on what is meant by quantum technology; its different elements, when it might become available and at what rates, the nature of the associated risks and how they apply to organizations, and what, therefore, needs to be protected. Enterprise leaders are among the first who will need to make judgements on the materiality of the quantum risk to their business and decide when and how to act. There is also a need for a sector-by-sector analysis to explore where there are distributed industries who need to move together to address the threat collectively; this is most important when the responsibility for driving this transition is unclear.

Incentivizing the adoption of quantum-resistant cryptography is a possible solution – but to secure the global ecosystem, policy and governance initiatives will be needed. Standards such as NIST’s post-quantum cryptography challenge can clarify the practices that should be adopted by individual organizations, and by ensuring international interoperability of these and similar standards we can take a critical step in enabling broader adoption across the globe.

Conclusion

As a strategically important technology, and one that is generating record amounts of investment, we are at a tipping point in the quantum arms race that is developing between nations. The technology has the potential to generate major and systemic risks to the ecosystem, which – unless we act collectively in order to address the obstacles – might act as major barriers to unlocking the true value of quantum technology. This offers an opportunity, especially to the cybersecurity community, to pioneer the principles, approaches and multi-stakeholder ecosystem that will be crucial in building the trust required to fully harness the promise of this new technology.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Iraq protests: UN calls for national talks to break ‘vicious cycle’ of violence

These countries are home to the highest proportion of refugees in the world

EU to lead one more fight against climate change at G7 summit

OECD leading multilateral efforts to address tax challenges from digitalisation of the economy

Trade/Human Rights: Commission decides to partially withdraw Cambodia’s preferential access to the EU market

The Czech economy is thriving but boosting skills and productivity and transitioning to a low-carbon productive model is vital to sustainable and inclusive growth

Timor-Leste Foreign Minister highlights value of UN in resolving conflicts

Pakistan: a long road ahead

EU mobilises €9 million to tackle the food crisis in Haiti

Commission moves to ensure supply of personal protective equipment in the European Union

Draghi’s negative interest rates help Eurozone’s cohesion

Financing the recovery must not burden the next generation

Inside the battle to counteract the COVID-19 ‘infodemic’

JADE Testimonial #2: Jacques @ Process mapping

Several crises in one: what effects will COVID-19 have on the global risk landscape?

Activist Greta Thunberg gets preview of UNHQ ahead of climate summit

Prisons are failing. It’s time to find an alternative

The smartest cyber investment is collective action. Here’s why

Vulnerable young people must not be blamed & stigmatised for violent radicalisation

Educate children in their mother tongue, urges UN rights expert

Banks and businesses must step up and work together to fight climate change

This South Korean city once had the biggest coronavirus outbreak outside of China. Now it’s reported zero new cases

This is how you should be social distancing – depending on where you are and what you’re doing

The future of work ‘with social justice for all’ tops agenda of centenary UN Labour conference

Commission adopts €4 billion investment package for infrastructure projects across 10 Member States

‘Harmonized’ plan launched to support millions of Venezuelan refugees and migrants

Costa Rica has doubled its tropical rainforests in just a few decades. Here’s how

Time to be welcome: Youth work and integration of young refugees

How Leonardo da Vinci’s outsider status made him a Renaissance man

This Japanese concept will help you see the world – and learn – in a different way

UN launches Facebook Messenger-powered bot to take on climate change

Developing countries should not be liable for emissions ‘accumulated throughout history’, key UN development forum hears

Appalling overall unemployment in Eurozone at 20.6%

MEPs want to ensure sufficient funding for Connecting Europe’s future

Monday’s Daily Brief: Earth Day, looking for a solution to Libya crisis, focus on indigenous issues, Security Council on Sri Lanka, a high-level visit to Bangladesh

How face masks, gloves and other coronavirus waste is polluting our ocean

This Filipino journalist is fighting for press freedom in COVID-19 lockdown

6 of the world’s 10 most polluted cities are in India

Corruption is rife in the COVID-19 era. Here’s how to fight back

UN chief condemns attack in south-west Iran which killed dozens

The Sichuan Province of China presents its cultural treasure to the EU

Can elections in Italy and Germany derail Eurozone?

Food choices today, impact health of both ‘people and planet’ tomorrow

5 ways companies can support their remote workforce

This is how Europe is helping companies and workers as the coronavirus crisis deepens

Is this really it for the gig economy? Read on

We have the tools to beat climate change. Now we need to legislate

UNICEF urges all countries to provide ‘Super Dads’ with paid leave

How income-sharing agreements can improve access to education

IMF: How can Eurozone avoid stagnation

We generate 125,000 jumbo jets worth of e-waste every year. Here’s how we can tackle the problem

Posting of workers: final vote on equal pay and working conditions

Disintegrating Tories will void May’s pledge for Brexit deal in seven weeks

This is how attitudes to vaccines compare around the world

B-I-R-D: 4 digital technologies that can help supply chains take flight

G20 GDP growth nudges up to 1.0% in the second quarter of 2018

Indonesia’s imams are joining the fight against plastic bags

Trash bin at the top of the world: can we prevent Arctic plastic pollution?

‘Deeply concerned.’ WHO officials stress the need for continued vigilance – WHO briefing

COVID-19: More new virus cases outside China than in, ‘no time for complacency’, says UN health agency

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s