Why we need to solve our quantum security challenges

microchip

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Louise Axon, Research Associate in Cybersecurity, University of Oxford & Sadie Creese, Professor of Cybersecurity, University of Oxford & Jamie Saunders, Oxford Martin Fellow, University of Oxford & William Dixon, Head of Operations, Centre for Cybersecurity, World Economic Forum


  • The quantum computing age is growing ever closer – and it could render current encryption systems obsolete.
  • These risks could also prevent this technology’s true value from being realised.
  • Addressing this issue requires action at the national and global levels – now.

Last week, the industrial giant Honeywell announced that it has built the world’s fastest quantum computer, overtaking their main competitors IBM and Google in a technological arms race that has the potential to unlock trillions of dollars of value to the world’s economy.

Using lasers to target atoms suspended in absolute-zero temperatures, Honeywell took the world one step closer to a quantum future that will bring about major advances across industries including healthcare, computing, finance and mobility, but most notably security.

 

The most significant implications of this technological arms race are increasingly being felt by the global cybersecurity community. This is because quantum computing has the potential, if used maliciously, to break the systemically important cryptographic underpinnings of the infrastructure on which enterprises and the wider digital economy rely. Furthermore, the community has to act now to ultimately ensure security and strategic advantage issues don’t become major barriers to fully realizing the potential transformative value of quantum technology.

Which sectors will create the most value with quantum computing?
Which sectors will create the most value with quantum computing?
Image: McKinsey & Company, Viva Technology

Quantum technology and the security ecosystem

At a recent meeting of the World Economic Forum Centre for Cybersecurity’s Future Series, a group of leading global technology, security and policy experts discussed the strategic cybersecurity issues arising from quantum technology. There are two major sets of challenges that require collective action by the global community:

1. Quantum computing has the potential to break the encryption on which most enterprises, digital infrastructures and economies rely

The sheer calculating ability of a sufficiently powerful and error-corrected quantum computer means that public key cryptography is “destined to fail“, and would put the technology used to protect many of today’s fundamental digital systems and activities at risk. The key exchanges, encryption and digital signatures that protect financial transactions, secure communications, e-commerce, identity and electronic voting all rely on mechanisms which would be made redundant in such a scenario.

Businesses and governments could be rendered unable to ensure the confidentiality, integrity and availability of the transactions and data on which they rely. Ultimately, this could put all our data at risk. While the timeline and potential impacts are debated by technology and security professionals, there is a clear potential future threat relevant to the risk decisions being made today. This is especially the case where sensitive data and systems currently being rolled out have long lifespans, such as in the healthcare sector, satellites, transportation vehicles and industrial control systems – all of which could be in operation for decades.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

The global ecosystem has created – and is increasingly rolling out – a range of shared infrastructures with distributed ownership and governance. Where these systems have long legacy tails, a collective dependence on cryptography that may be at risk already exists. This comes at a time when hyper-connectivity is leading to increasingly shared architectures, interconnected systems and interdependent business models. Infrastructure including the security of the internet’s architecture itself is underpinned by implementations of public-key cryptography (for example, SSL, TLS and HTTPS) that are distributed globally and which could be at risk.

2. The geopolitics of quantum technology could act as a barrier to unlocking its full value

National security concerns over sovereignty, and maintaining control over strategic capability, could also act as major barriers to unlocking the potential transformative value of quantum technology in the wider economy. Quantum technology has the potential to be game-changing for national security and the information race, and there is a real risk that competition will interfere with international collaboration and widen asymmetries in security and industrial capability. National governments are putting significant investment into the development of sovereign quantum technologies and skills, and several countries have already placed quantum technologies on their lists of controlled goods.

Complex security challenges can already be identified. These include communicating how quantum algorithms have made decisions (explainability), ensuring that the algorithms actually do what they purport to do and are not inherently biased (verification), and certifying the results they produce. While this issue exists for artificial intelligence (AI, other more transformational risks – including misuse by criminals and other actors – also exist.

Responding to the quantum security challenge

Addressing these risks requires action now both at an individual enterprise as well as at a collective level. An approach similar to the global technology councils that emerged to manage AI might be required to govern the full range of global governance principles and models as quantum technology rolls out. A list of principles could include promoting the ethical use of quantum resources or ensuring that quantum infrastructure is not used to break standard encryption, as well as enabling equitable access so that ‘quantum poverty’ doesn’t emerge.

One key step will also be building ‘quantum literacy’ across the ecosystem at an enterprise and policy leadership level. There is an need to educate and train leaders on what is meant by quantum technology; its different elements, when it might become available and at what rates, the nature of the associated risks and how they apply to organizations, and what, therefore, needs to be protected. Enterprise leaders are among the first who will need to make judgements on the materiality of the quantum risk to their business and decide when and how to act. There is also a need for a sector-by-sector analysis to explore where there are distributed industries who need to move together to address the threat collectively; this is most important when the responsibility for driving this transition is unclear.

Incentivizing the adoption of quantum-resistant cryptography is a possible solution – but to secure the global ecosystem, policy and governance initiatives will be needed. Standards such as NIST’s post-quantum cryptography challenge can clarify the practices that should be adopted by individual organizations, and by ensuring international interoperability of these and similar standards we can take a critical step in enabling broader adoption across the globe.

Conclusion

As a strategically important technology, and one that is generating record amounts of investment, we are at a tipping point in the quantum arms race that is developing between nations. The technology has the potential to generate major and systemic risks to the ecosystem, which – unless we act collectively in order to address the obstacles – might act as major barriers to unlocking the true value of quantum technology. This offers an opportunity, especially to the cybersecurity community, to pioneer the principles, approaches and multi-stakeholder ecosystem that will be crucial in building the trust required to fully harness the promise of this new technology.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

The AI doctor won’t see you now

Refugees in Greece: MEPs demand solidarity, warn about impact of health crisis

Righting a wrong: UN Fund helps thousands of sex abuse survivors rebuild their lives

Data is the fuel of mobility. Don’t spill it for nothing

First EU collective redress mechanism to protect consumers

Study: Trade supports over 36 million jobs across the EU

World Food Day: here’s what the UN is doing to fix ‘intolerable’ wrong of hunger

Most people on the internet live in this country

1 in 7 people would choose not to fly because of climate change

Schaeuble wants IMF out and bailouts ‘a la carte’ with Germany only to gain

Brexit: European Commission publishes Communication on preparing for the UK’s withdrawal from the EU

The ECB must extend its money stimulus beyond 2018: Draghi reckoning

Logo Mania: A call to action to our crisis of connection

MWC 2016 LIVE: Qualcomm looks to pick up Hamilton’s winning ways

Berlin ‘orders’ the EU Parliament to compromise

Is it too soon to hope for a tobacco free Romania?

Trying to cure bank cancer with analgesics

UN sees progress in fight against tobacco, warns more action needed to help people quit deadly product

Our present and future tax payments usurped by banks

Gender equality: an issue much talked about but less acted upon

Health spending set to outpace GDP growth to 2030

Commission makes it easier for citizens to access health data securely across borders

How Britain’s backyard bird feeders are shaping evolution

Worldwide UN family celebrates enduring universal values of human rights

Can Eurozone’s uncertain growth answer the challenges that lie ahead?

Why the most important tool in healthcare is trust

Is the ECB ready to flood Eurozone with freshly printed money?

Is continuous sanctioning the way to resolve the Ukrainian crisis?

State aid: Commission approves €1.2 billion French “Fonds de solidarité” scheme for small enterprises in temporary financial difficulties due to coronavirus outbreak

EUREKA @ European Business Summit 2014: Innovation across borders – mobilising national R&D funds for transnational innovation in Europe

Violence will not deter Somali people in their pursuit of peace, says UN chief, in wake of lethal attacks

Thursday’s Daily Brief: Climate crisis and food risks, fresh violence threat for millions of Syrians, calls for calm in Kashmir

Foreign investment to be screened to protect EU countries’ strategic interests

This is what Belgium’s traffic-choked capital is doing about emissions

How COVID-19 could open the door for driverless deliveries

First do no harm. Why healthcare needs to change

Can green bonds help us manage climate risk?

The world wide web is 30. Here are 8 things you should know about it

These are the countries where most adults still don’t have a smartphone

Peer-to-peer learning: a way to develop medical students’ trainings

The eyes of Brazil and the world turn to the largest rainforest and largest biodiversity reserve on Earth #PrayForAmazonia.

3 ways governments and carmakers can keep up with the future of transport

What we can learn from Asia’s courts of the future

Iraq: Education access still a challenge in former ISIL-controlled areas

The impact of refugees on the European healthcare system

Parliament votes reform for better European Co2 market but critics want it sooner than later

The European Union and the United States reach an agreement on imports of hormone-free beef

#TakeYourSeat at the UN Climate Change Conference: a way for all people to join the global conversation

Bullheaded Madrid authorities confront Catalonia with force

Draghi to lay his print on long term ECB policies prior to exiting next year

Why will Paris upcoming “loose” climate change agreement work better than the previous ones?

Is Data Privacy really safe seen through Commissioner’s PRISM?

Marking Sir Brian Urquhart’s 100th birthday, UN honours life-long servant of ‘we the peoples’

Tsipras doesn’t seem to have learned his “almost Grexit” lesson and Greece faces again financial and political dead end

How India is harnessing technology to lead the Fourth Industrial Revolution

Here’s why the world’s recovery from COVID-19 could be doughnut shaped

4 bold new ways New York is going clean and green

Tusk fights back while charismatic Boris goes against everybody in Brussels pushing the UK to leave the EU now or never

From a refugee camp to Davos: one Co-Chair’s story

Ongoing insecurity in Darfur, despite ‘remarkable developments’ in Sudan: UN peacekeeping chief

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s