The quantum computer revolution: here tomorrow, so we must prepare today

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Phil Quade, Chief Information Security Officer, Fortinet

• The impact of quantum computing on internet security will be so great we must start planning now.

• The impact of quantum computing on internet security will be so great we must start planning now.

• Its exponentially higher processing power will render widely used cryptography obsolete.

• ‘Security agility’ – crypto agility – is a key concept in being quantum-ready.

Strategic thinking has enabled many of mankind’s greatest successes. But when some leaps are just too big for a single bound, or seem too far into the future, strategic acting – incremental, consistent decision-making consistent with a long-term vision – can serve as an enabler for future success.

While an operationally viable quantum computer seems beyond the horizon to most, the steps needed to prepare for its inevitability are indeed within sight. We need more advanced planning in cyberspace to prepare for the impact of quantum computing, where, without some changes, it will undercut all internet integrity and confidentiality – an economic and social disaster. This is where strategic acting can come into its own.

A quantum computer is radically disruptive; it will use a different method to represent and compute information, allowing much, much faster speeds. It’s not just evolutionary, but revolutionary. Quantum computers will be as revolutionary in this century as computers were to last century’s mechanical calculators. They’ll be built by, essentially, leveraging the properties of atoms we studied in physics class. They can be millions of times faster.

A quick primer on internet security foundations might help us understand this disruptive potential.

Confidentiality, Integrity and Authentication – of people, machines, software and data – underpin all internet security (and undermines it when poorly implemented); cryptography – the use of mathematical equations to protect information – is at their foundation:

• Confidentiality (e.g. scrambling data to render it private)

• Integrity (e.g. preventing attempts to falsely change “deposited $100” to “deposited $10,000”)

• Authentication (e.g. verifying the identity of the person you’re communicating with)

How does something as important as cryptography work? A good analogy is a combination lock on a high-school locker. (In this analogy, the padlock is the cryptographic “algorithm”, and its secret numbers are the cryptographic “key”.) Combination locks have two security functions: lock – a simple mechanism that requires you to do nothing more than push it together to close/secure; unlock – a relatively complex mechanism that relies on secret numbers provided to the lock through a clockwise/counter-clockwise motion. That’s what well-designed and implemented cryptography is: a mechanism to easily apply the security, but completely impractical to guess unless you know the key to unlock it.

But once an operationally viable quantum computer is produced, it can guess the possibilities at a substantially faster rate: exponentially so.

If you tried to read a cryptographically scrambled message by guessing the cryptographic key with today’s fastest computers – even working together – it is not practical. The mathematics of cryptography triumph over computer science. Cryptanalysts may try to use supercomputers (combined with mathematical insights), but it’s completely impractical to brute-force a modern crypto algorithm’s key, which is why cryptography serves as the foundation of security.

For decades, engineers made computers with more computational power by either speeding up the time it takes a processor to evaluate each individual binary possibility, or adding multiple processors that look in parallel at different possibilities. In theory, with enough speed and parallel processing, you could test all possible lock combinations (the cryptographic key).

But manufacturing complexities create a practical limit to the first approach. And the second technique, parallel processing, becomes prohibitive due to processor costs and the expense to power and cool them (they melt or otherwise malfunction when running fast and in close proximity).

Therefore, well-designed and implemented cryptography is far beyond the reach of fast/parallel processor supercomputers’ ability to guess each possibility.

But quantum computers can make many more guesses at once. Sometimes resulting in exponential (the doubling, of a doubling of an amount, etc.) increase in processing power, rather than the incremental increases possible with traditional computers. Importantly, certain kinds of mathematical problems are well-suited for a quantum computer.

Most believe an operationally viable quantum computer – one that is both reliable and has a useful number of qubits (the data units of quantum computers) – is five to 15 years away and that a handful of countries are pursuing that goal.

We need to prepare now. This is how:

1. Make “security agility” part of your operational security doctrine. When purchasing cybersecurity in the next two to five years, tell your providers you want “crypto agility”, i.e. the seamless ability to swap to “quantum-resistant asymmetric cryptographic algorithms” when available.

2. Adopt quantum-resistance cryptographic algorithms when available. Ideally, use a standard quantum-resistant algorithm several years before a quantum computer is thought to be available, because:

• Uncertainty: Quantum computer availability is unknown (the most advanced research on them is classified).

• Interoperability: There needs to be a seamless transition to this new class of cryptography. There will be a time where crypto agility – the ability to securely and agilely choose and use different types of cryptography – will enable communication with both those who use quantum-resistant cryptography and those who don’t yet.

3. Inventory your data assets to see which ones need to be re-encrypted with quantum-resistance cryptographic algorithms. Some data is so valuable that it has a long shelflife (decades) and must be protected from those adversaries who would steal your encrypted data now and “break” it with quantum computers available in the future.

4. Awareness and education. Tell your colleagues what it’s all about and why they should care, making a distinction between three main topics: quantum computing (much faster computers);quantum-resistant cryptography (algorithms that need to be developed and adopted to prepare for the eventual computers); and quantum key exchange (a means to privately share information while detecting when it has been compromised).

What is the World Economic Forum doing on cybersecurity

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority. World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Quantum computers will be revolutionary in their speeds, so much so that they can undermine the foundation of the internet’s security. They are not simply a technical curiosity to marvel at, but a revolution that requires us to plan for their arrival ahead of time, since they can undermine internet security. We should adopt agile, integrated cybersecurity strategies now – including agile cryptography – to ensure we’re prepared for the age quantum computers will usher in.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

From Sweden to India, School climate strikes have gone global

Close to final agreement on the EU Banking Union

Mergers: Commission fines Canon €28 million for partially implementing its acquisition of Toshiba Medical Systems Corporation before notification and merger control approval

Environment Committee MEPs push for cleaner trucks and electric buses

Here are six bold ideas to accelerate sustainable energy innovation

Employment MEPs want to ensure more flexibility and clarity for EU mobile workers

July was the hottest month ever – what does that actually mean?

Gender is where the feminist and LGBTI movements meet. Here’s why

Bold measures needed to protect cross-border and seasonal workers in EU, MEPs say

China’s New Normal and Its Relevance to the EU

Where are the charities in the great Artificial Intelligence debate?

European Youth Forum welcomes steps towards raising awareness of youth rights by EU ministers

How a bionic arm is helping one little girl enjoy the things most take for granted

3 leaders on creating a pipeline for female talent in business

‘Nothing left to go back for’: UN News hears extraordinary stories of loss, and survival as Mozambique rebuilds from deadly cyclones

Canada needs to increase foreign aid flows in line with its renewed engagement

Climate change: Another year of record gas emissions, warns UN meteorological agency

JADE Generations Club: Connecting perspectives, changing Europe.

Banks can fight financial crime. But we can’t do it alone

Smoking VS Vaping: is it a battle?

Yes, together we can make a change! YO!Fest and EYE 2016

EU to Telcos: Stop Mergers and Acquisitions but please help me urgently with 5G development

UN receives ‘Humanium’ wristwatch gift, symbolizing peaceful transformation

COVID-19 and natural disasters: €823 million in EU aid for eight member states

The blackened white coat of the doctors

5 Black heroes of the environmental movement

Here are five ways we can make mental healthcare better

Is 2019 the beginning of the end for coal in Europe?

Primary Healthcare vs Specialization Careers, how to promote PHC to the Young Health Workforce?

ECB with an iron hand disciplines the smaller Eurozone member states; latest victim: Greece

The green hydrogen revolution has started, and it won’t be stopped

German banks suffer of nausea amidst rough seas

What is behind the wide reach of  fake news about Coronavirus?

Who will secure Lithuania?

After Rio Grande tragedy, UNICEF chief highlights ‘dire’ detention centres on US-Mexico border

US-China trade war: Washington now wants control of the renminbi-yuan

Portugal wants its emigrants back – so it’s paying them to return

Coronavirus: Commission presents “Staying safe from COVID-19 during winter” strategy

Why Obama asks approval from Congress to bomb Syria?

A quarter of Americans have no retirement savings

How to build an entrepreneurial university

European Commission launches infringement proceedings against the UK following its failure to name a candidate for EU Commissioner

10 ways COVID-19 could reshape offices

Eurozone closer to a deflation – stagnation trap

90% of European Jews say antisemitism is getting worse

The clothes of the future could be made from pineapples and bananas

Security Council gravely concerned by Ebola outbreak in DR Congo, demands immediate end to violence hampering response

Safer products: EP and Council close deal to beef up checks and inspections

“Unequivocal support” for the people of Bulgaria in their legitimate demands

How Cameron unwillingly helped Eurozone reunite; the long-term repercussions of two European Council decisions

European research priorities for 2021-2027 agreed with member states

Western Sahara: a ‘peaceful solution’ to conflict is possible, says UN envoy

Serious concerns over Sahel, require ‘urgent action’: Senior UN Africa official

We don’t know how autonomous vehicles will depreciate – and that’s a problem

Bayer-Monsanto merger: the story of the rise of the “endless company”

UN launches new fund to advance sustainable development in Aral Sea region

More countries are making progress on corruption – but there’s much to be done, says a new report

Strong multilateral institutions key to tackling world’s dramatic challenges, UN chief says In Moscow

The Italian crisis may act as a catalyst for less austerity

State aid: Commission approves Belgian scheme deferring payment by Walloon airports of concession fees to mitigate economic impact of coronavirus outbreak

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s