Why we need to solve our quantum security challenges

microchip

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Louise Axon, Research Associate in Cybersecurity, University of Oxford & Sadie Creese, Professor of Cybersecurity, University of Oxford & Jamie Saunders, Oxford Martin Fellow, University of Oxford & William Dixon, Head of Operations, Centre for Cybersecurity, World Economic Forum


  • The quantum computing age is growing ever closer – and it could render current encryption systems obsolete.
  • These risks could also prevent this technology’s true value from being realised.
  • Addressing this issue requires action at the national and global levels – now.

Last week, the industrial giant Honeywell announced that it has built the world’s fastest quantum computer, overtaking their main competitors IBM and Google in a technological arms race that has the potential to unlock trillions of dollars of value to the world’s economy.

Using lasers to target atoms suspended in absolute-zero temperatures, Honeywell took the world one step closer to a quantum future that will bring about major advances across industries including healthcare, computing, finance and mobility, but most notably security.

 

The most significant implications of this technological arms race are increasingly being felt by the global cybersecurity community. This is because quantum computing has the potential, if used maliciously, to break the systemically important cryptographic underpinnings of the infrastructure on which enterprises and the wider digital economy rely. Furthermore, the community has to act now to ultimately ensure security and strategic advantage issues don’t become major barriers to fully realizing the potential transformative value of quantum technology.

Which sectors will create the most value with quantum computing?
Which sectors will create the most value with quantum computing?
Image: McKinsey & Company, Viva Technology

Quantum technology and the security ecosystem

At a recent meeting of the World Economic Forum Centre for Cybersecurity’s Future Series, a group of leading global technology, security and policy experts discussed the strategic cybersecurity issues arising from quantum technology. There are two major sets of challenges that require collective action by the global community:

1. Quantum computing has the potential to break the encryption on which most enterprises, digital infrastructures and economies rely

The sheer calculating ability of a sufficiently powerful and error-corrected quantum computer means that public key cryptography is “destined to fail“, and would put the technology used to protect many of today’s fundamental digital systems and activities at risk. The key exchanges, encryption and digital signatures that protect financial transactions, secure communications, e-commerce, identity and electronic voting all rely on mechanisms which would be made redundant in such a scenario.

Businesses and governments could be rendered unable to ensure the confidentiality, integrity and availability of the transactions and data on which they rely. Ultimately, this could put all our data at risk. While the timeline and potential impacts are debated by technology and security professionals, there is a clear potential future threat relevant to the risk decisions being made today. This is especially the case where sensitive data and systems currently being rolled out have long lifespans, such as in the healthcare sector, satellites, transportation vehicles and industrial control systems – all of which could be in operation for decades.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

The global ecosystem has created – and is increasingly rolling out – a range of shared infrastructures with distributed ownership and governance. Where these systems have long legacy tails, a collective dependence on cryptography that may be at risk already exists. This comes at a time when hyper-connectivity is leading to increasingly shared architectures, interconnected systems and interdependent business models. Infrastructure including the security of the internet’s architecture itself is underpinned by implementations of public-key cryptography (for example, SSL, TLS and HTTPS) that are distributed globally and which could be at risk.

2. The geopolitics of quantum technology could act as a barrier to unlocking its full value

National security concerns over sovereignty, and maintaining control over strategic capability, could also act as major barriers to unlocking the potential transformative value of quantum technology in the wider economy. Quantum technology has the potential to be game-changing for national security and the information race, and there is a real risk that competition will interfere with international collaboration and widen asymmetries in security and industrial capability. National governments are putting significant investment into the development of sovereign quantum technologies and skills, and several countries have already placed quantum technologies on their lists of controlled goods.

Complex security challenges can already be identified. These include communicating how quantum algorithms have made decisions (explainability), ensuring that the algorithms actually do what they purport to do and are not inherently biased (verification), and certifying the results they produce. While this issue exists for artificial intelligence (AI, other more transformational risks – including misuse by criminals and other actors – also exist.

Responding to the quantum security challenge

Addressing these risks requires action now both at an individual enterprise as well as at a collective level. An approach similar to the global technology councils that emerged to manage AI might be required to govern the full range of global governance principles and models as quantum technology rolls out. A list of principles could include promoting the ethical use of quantum resources or ensuring that quantum infrastructure is not used to break standard encryption, as well as enabling equitable access so that ‘quantum poverty’ doesn’t emerge.

One key step will also be building ‘quantum literacy’ across the ecosystem at an enterprise and policy leadership level. There is an need to educate and train leaders on what is meant by quantum technology; its different elements, when it might become available and at what rates, the nature of the associated risks and how they apply to organizations, and what, therefore, needs to be protected. Enterprise leaders are among the first who will need to make judgements on the materiality of the quantum risk to their business and decide when and how to act. There is also a need for a sector-by-sector analysis to explore where there are distributed industries who need to move together to address the threat collectively; this is most important when the responsibility for driving this transition is unclear.

Incentivizing the adoption of quantum-resistant cryptography is a possible solution – but to secure the global ecosystem, policy and governance initiatives will be needed. Standards such as NIST’s post-quantum cryptography challenge can clarify the practices that should be adopted by individual organizations, and by ensuring international interoperability of these and similar standards we can take a critical step in enabling broader adoption across the globe.

Conclusion

As a strategically important technology, and one that is generating record amounts of investment, we are at a tipping point in the quantum arms race that is developing between nations. The technology has the potential to generate major and systemic risks to the ecosystem, which – unless we act collectively in order to address the obstacles – might act as major barriers to unlocking the true value of quantum technology. This offers an opportunity, especially to the cybersecurity community, to pioneer the principles, approaches and multi-stakeholder ecosystem that will be crucial in building the trust required to fully harness the promise of this new technology.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Business uncertainty rises as US grants only temporary exception to EU for steel and aluminium tariffs

You can live up to 10 years longer by doing these 5 things

We need new tools for the Big Data era

One good reason to feel less blue about the future of our oceans

Will 2020 be the year blockchain overcomes its hype?

Online platforms: improving transparency and fairness for EU businesses

Trump’s trade war splits the EU; Germany upset with Juncker’s “we can be stupid too”

India is building a high-tech sustainable city from scratch

EP negotiators: recovery plan crucial, but do not trade long-term for short-term

UN investigates systematic sexual violence across South Sudan

Europe can be at the heart of tech with purpose

Decades of progress ‘can be wiped out overnight,’ UN chief laments at climate session in Yokohama

EU citizens want more competences for the EU to deal with crises like COVID-19

Colombia: Rights experts condemn killing of reintegrated former rebel fighter, call for respect of peace process

With Caribbean island life under threat, UN chief pushes to face ‘headwinds together’

SMEs are driving job growth, but need higher investment in skills, innovation and tech to boost wages and productivity

MEPs want ambitious funding for cross-border projects to connect people

Thursday’s Daily Brief: ambulance attack in Libya, #GlobalGoals defenders, human rights in Cambodia, Swine Fever

ILO: Unemployment to increase by 8.1 million in 2013-2014

Statement on the Code of Practice against disinformation: Commission asks online platforms to provide more details on progress made

Boosting adult learning essential to help people adapt to future of work

Online shopping across the EU to be easier from 3 December

Antitrust: Commission fines Google €4.34 billion for illegal practices regarding Android mobile devices to strengthen dominance of Google’s search engine

What if Trump wins the November election and Renzi loses the December referendum?

Mental Health of Health Professionals Facing COVID-19

Prospect of a nuclear war ‘higher than it has been in generations’, warns UN

Phone lines open between Ethiopia and Eritrea, and people are calling strangers

COVID-19: Commission launches European team of scientific experts to strengthen EU coordination and medical response

These 4 Nordic countries hold the secret to gender equality

Deal on new rules for EU regional, cohesion and social funds over next 7 years

Five avoidable deaths per minute shows urgent need for action on patient safety

How data can help mining companies tackle their trust deficit

How cities, not states, can solve the world’s biggest problems

The global economy is woefully unprepared for biological threats. This is what we need to do

Ceasefire holds in Tripoli, but core problems remain, says UN Libya mission chief

How two colossal Assyrian icons were recreated using digital tech

These are the OECD’s most productive economies

First EU collective redress mechanism to protect consumers

In Tanzania, UN refugee chief praises ‘regional peacemaker’ role, and efforts to welcome neighbours on the run

Businesses are lacking moral leadership, according to employees

Our poisonous air is harming our children’s brains

Japan should reform retirement policies to meet challenge of ageing workforce

Sustainable finance: Commission welcomes deal on an EU-wide classification system for sustainable investments (Taxonomy)

Russia and the EU ‘trade’ natural gas supplies and commercial concessions in and out of Ukraine

New UN-supported farming app is cream of crop in tackling Sahel pest

COVID-19 is widening the education gap. This is how we can stop it

UN Security Council condemns Taliban offensive as a blow against ‘sustainable peace’

EU and China discuss trade and economic relations

MEPs propose measures to combat mobbing and sexual harassment

Strawberries and child support; a Thai partnership

Eurozone: Retail sales betray economic frailty

Turkey needs to step up investment in renewables to curb emissions

MEPs back plans to promote water reuse for agricultural irrigation

Call to revitalize ‘language of the ancestors’ for survival of future generations: Indigenous chief

What can each individual do to lessen the burden of mental health in times of the pandemic?

What you need to know about the Sustainable Development Impact Summit

Yemen bus attack just the latest outrage against civilians: UN agencies

Migrants and refugees face higher risk of developing ill-health, says UN report on displaced people in Europe

Quality of air in Bucharest-Romania: is it fog or is it smog?

It’s time for the world to stand up behind South Africa

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s